Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-14905

Опубликовано: 31 мар. 2020
Источник: ubuntu
Приоритет: medium
CVSS2: 4.6
CVSS3: 5.6

Описание

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

2.9.4+dfsg-1
disco

ignored

end of life
eoan

ignored

end of life
esm-apps/bionic

needed

esm-apps/focal

not-affected

2.9.4+dfsg-1
esm-apps/jammy

not-affected

2.9.4+dfsg-1
esm-apps/noble

not-affected

2.9.4+dfsg-1
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present

Показывать по

Ссылки на источники

4.6 Medium

CVSS2

5.6 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-14905

CVSS3: 5.6
redhat
около 6 лет назад

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

nvd логотип

CVE-2019-14905

CVSS3: 5.6
nvd
почти 6 лет назад

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

debian логотип

CVE-2019-14905

CVSS3: 5.6
debian
почти 6 лет назад

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9. ...

github логотип

GHSA-frxj-5j27-f8rf

CVSS3: 5.6
github
почти 5 лет назад

Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible

fstec логотип

BDU:2022-03971

CVSS3: 5.6
fstec
почти 6 лет назад

Уязвимость модуля nxos_file_copy системы управления конфигурациями Ansible, позволяющая нарушителю выполнить произвольные команды

4.6 Medium

CVSS2

5.6 Medium

CVSS3