Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2019-14905
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.
| Software | From | Fixed in |
|---|---|---|
| redhat / ansible_engine | 2.7.0 | 2.7.16 |
| redhat / ansible_engine | 2.8.0 | 2.8.8 |
| redhat / ansible_engine | 2.9.0 | 2.9.3 |
| redhat / cloudforms_management_engine | 5.0 | 5.0.x |
| redhat / ceph_storage | 3.0 | 3.0.x |
| redhat / ansible_tower | 3.0.0 | 3.0.0.x |
| redhat / openstack | 13 | 13.x |
| fedoraproject / fedora | 30 | 30.x |
| opensuse / leap | 15.1 | 15.1.x |
| opensuse / backports_sle | 15.0-sp1 | 15.0-sp1.x |
ansible
|
2.7.0 | 2.7.16 |
|
ansible
|
2.8.0 | 2.8.8 |
|
ansible
|
2.9.0 | 2.9.3 |
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
- https://access.redhat.com/errata/RHSA-2020:0216
- https://access.redhat.com/errata/RHSA-2020:0218
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905
- https://lists.fedoraproject.org/archives/list/[email protected]/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR/