Ansible Vulnerability Exposed in Multiple Versions by Red Hat
CVE-2019-14856

6.4MEDIUM

Key Information:

Vendor: [unknown]
Status: Ansible
Vendor: CVE Published:; 26 November 2019

What is CVE-2019-14856?

Ansible versions prior to 2.8.6, 2.7.14, and 2.6.20 exhibit a vulnerability that can potentially compromise the integrity of sensitive operations. This flaw may be exploited under specific conditions, necessitating a proactive approach for users to upgrade to the latest versions to safeguard their environment. It is crucial for administrators to monitor their Ansible installations and apply the appropriate patches as outlined by the vendor advisories to mitigate potential risks.

Affected Version(s)

ansible 2.8.6

ansible 2.7.14

ansible 2.6.20

References

https://access.redhat.com/errata/RHSA-2020:0756

vendor-advisoryx_refsource_REDHAT

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 26, 2019
Vulnerability Reserved
Aug 10, 2019

CVE-2019-14856 Data

JSON

[unknown]

What is CVE-2019-14856?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline