Ansible Vulnerability Exposed in Multiple Versions by Red Hat
CVE-2019-14856

6.4MEDIUM

Key Information:

Vendor

[unknown]

Status
Ansible
Vendor
CVE Published:
26 November 2019

What is CVE-2019-14856?

Ansible versions prior to 2.8.6, 2.7.14, and 2.6.20 exhibit a vulnerability that can potentially compromise the integrity of sensitive operations. This flaw may be exploited under specific conditions, necessitating a proactive approach for users to upgrade to the latest versions to safeguard their environment. It is crucial for administrators to monitor their Ansible installations and apply the appropriate patches as outlined by the vendor advisories to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ansible 2.8.6

ansible 2.7.14

ansible 2.6.20

References

https://access.redhat.com/errata/RHSA-2020:0756
vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.