Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-14904

Опубликовано: 26 авг. 2020
Источник: ubuntu
Приоритет: low
CVSS2: 6.1
CVSS3: 7.3

Описание

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

2.9.4+dfsg-1
disco

ignored

end of life
eoan

ignored

end of life
esm-apps/bionic

released

2.5.1+dfsg-1ubuntu0.1+esm5
esm-apps/focal

not-affected

2.9.4+dfsg-1
esm-apps/jammy

not-affected

2.9.4+dfsg-1
esm-apps/noble

not-affected

2.9.4+dfsg-1
esm-apps/xenial

released

2.0.0.2-2ubuntu1.3+esm5
esm-infra-legacy/trusty

not-affected

code not present

Показывать по

Ссылки на источники

6.1 Medium

CVSS2

7.3 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-14904

CVSS3: 7.3
redhat
около 6 лет назад

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.

nvd логотип

CVE-2019-14904

CVSS3: 7.3
nvd
больше 5 лет назад

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.

debian логотип

CVE-2019-14904

CVSS3: 7.3
debian
больше 5 лет назад

A flaw was found in the solaris_zone module from the Ansible Community ...

github логотип

GHSA-gwr8-5j83-483c

CVSS3: 7.3
github
почти 5 лет назад

OS Command Injection and Improper Input Validation in ansible

fstec логотип

BDU:2021-03714

CVSS3: 7.3
fstec
больше 5 лет назад

Уязвимость модуля solaris_zone системы управления конфигурациями Ansible, связанная с отсутствием мер по очистке входных данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

6.1 Medium

CVSS2

7.3 High

CVSS3