OS Command Injection Vulnerability in Ansible Engine by Red Hat
CVE-2019-14905

7.3HIGH

Key Information:

Vendor

Red Hat
Status
Ansible
Vendor
CVE Published:
31 March 2020

What is CVE-2019-14905?

A vulnerability exists in specific versions of Ansible Engine, where the nxos_file_copy module allows attackers to manipulate the filename parameter. This exploitation can lead to OS command injections, potentially compromising system confidentiality and integrity on NXOS devices. The affected versions are vulnerable before their respective patch releases, highlighting the importance of updating to secure system environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ansible 2.9.x before 2.9.3

Ansible 2.8.x before 2.8.8

Ansible 2.7.x before 2.7.16

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2020:0218
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0216
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.