Action not permitted
Modal body text goes here.
CVE-2019-14904
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1776944 | Issue Tracking, Vendor Advisory | |
secalert@redhat.com | https://github.com/ansible/ansible/pull/65686 | Patch, Third Party Advisory | |
secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://www.debian.org/security/2021/dsa-4950 | Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:26:39.194Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ansible/ansible/pull/65686" }, { "name": "[debian-lts-announce] 20210127 [SECURITY] [DLA 2535-1] ansible security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "name": "DSA-4950", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4950" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ansible", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions before ansible-engine 2.9.4, before ansible-engine 2.8.8 and before ansible-engine 2.7.16" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 leads to CWE-78", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-07T14:06:26", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ansible/ansible/pull/65686" }, { "name": "[debian-lts-announce] 20210127 [SECURITY] [DLA 2535-1] ansible security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "name": "DSA-4950", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4950" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-14904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ansible", "version": { "version_data": [ { "version_value": "All versions before ansible-engine 2.9.4, before ansible-engine 2.8.8 and before ansible-engine 2.7.16" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 leads to CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "name": "https://github.com/ansible/ansible/pull/65686", "refsource": "MISC", "url": "https://github.com/ansible/ansible/pull/65686" }, { "name": "[debian-lts-announce] 20210127 [SECURITY] [DLA 2535-1] ansible security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "name": "DSA-4950", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4950" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14904", "datePublished": "2020-08-25T23:21:47", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:26:39.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-14904\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-08-26T03:15:11.830\",\"lastModified\":\"2023-11-07T03:05:22.297\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en el m\u00f3dulo solaris_zone de los m\u00f3dulos de la Comunidad Ansible. Al establecer el nombre de la zona en el host de Solaris, el nombre de la zona se comprueba listando el proceso con el comando \u0027ps\u0027 bare en la m\u00e1quina remota. Un atacante podr\u00eda aprovecharse de esta falla creando el nombre de la zona y ejecutando comandos arbitrarios en el host remoto. Las m\u00e1quinas Ansible versiones 2.7.15, 2.8.7 y 2.9.2, as\u00ed como las versiones anteriores est\u00e1n afectadas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":5.3}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:P/A:P\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.1},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.15\",\"matchCriteriaId\":\"542B9A70-EC53-4209-A2BB-9453A3905376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"2.8.7\",\"matchCriteriaId\":\"2ACB4513-DE0E-4EB6-91FC-D72D716595AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.2\",\"matchCriteriaId\":\"9EA71BF5-CDCD-404A-920F-E37673400F46\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1776944\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/ansible/ansible/pull/65686\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4950\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2020_0217
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for ansible is now available for Ansible Engine 2.7\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Ansible is a simple model-driven configuration management,\nmulti-node deployment, and remote-task execution system. Ansible works over\nSSH and does not require any software or daemons to be installed on remote\nnodes. Extension modules can be written in any language and are transferred\nto managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.7.16)\n\nBug Fix(es):\n* CVE-2019-14904 Ansible: vulnerability in solaris_zone module via crafted solaris zone\n* CVE-2019-14905 Ansible: malicious code could craft filename in nxos_file_copy module\n\nSee: https://github.com/ansible/ansible/blob/v2.7.16/changelogs/CHANGELOG-v2.7.rst for details on bug fixes in this release.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0217", "url": "https://access.redhat.com/errata/RHSA-2020:0217" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1776943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776943" }, { "category": "external", "summary": "1776944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0217.json" } ], "title": "Red Hat Security Advisory: Ansible security and bug fix update (2.7.16)", "tracking": { "current_release_date": "2024-11-15T04:14:19+00:00", "generator": { "date": "2024-11-15T04:14:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0217", "initial_release_date": "2020-01-23T16:46:55+00:00", "revision_history": [ { "date": "2020-01-23T16:46:55+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-01-23T16:46:55+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:14:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Ansible Engine 2.7 for RHEL 7 Server", "product": { "name": "Red Hat Ansible Engine 2.7 for RHEL 7 Server", "product_id": "7Server-Ansible-2.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:ansible_engine:2.7::el7" } } } ], "category": "product_family", "name": "Red Hat Ansible Engine" }, { "branches": [ { "category": "product_version", "name": "ansible-0:2.7.16-1.el7ae.noarch", "product": { "name": "ansible-0:2.7.16-1.el7ae.noarch", "product_id": "ansible-0:2.7.16-1.el7ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.7.16-1.el7ae?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ansible-0:2.7.16-1.el7ae.src", "product": { "name": "ansible-0:2.7.16-1.el7ae.src", "product_id": "ansible-0:2.7.16-1.el7ae.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.7.16-1.el7ae?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.7.16-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.7 for RHEL 7 Server", "product_id": "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.noarch" }, "product_reference": "ansible-0:2.7.16-1.el7ae.noarch", "relates_to_product_reference": "7Server-Ansible-2.7" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.7.16-1.el7ae.src as a component of Red Hat Ansible Engine 2.7 for RHEL 7 Server", "product_id": "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.src" }, "product_reference": "ansible-0:2.7.16-1.el7ae.src", "relates_to_product_reference": "7Server-Ansible-2.7" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Abhijeet Kasurde" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14904", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2019-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1776944" } ], "notes": [ { "category": "description", "text": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host.", "title": "Vulnerability description" }, { "category": "summary", "text": "Ansible: vulnerability in solaris_zone module via crafted solaris zone", "title": "Vulnerability summary" }, { "category": "other", "text": "Because a flaw exploit would depend on the use of Solaris and Red Hat does not support RHOSP on Solaris, the RHOSP Ansible package will not be updated at this time.\n\nAnsible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14904" }, { "category": "external", "summary": "RHBZ#1776944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14904", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-01-23T16:46:55+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0217" }, { "category": "workaround", "details": "Currently, there is no mitigation for this issue.", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" }, "products": [ "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Ansible: vulnerability in solaris_zone module via crafted solaris zone" }, { "acknowledgments": [ { "names": [ "Abhijeet Kasurde" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14905", "cwe": { "id": "CWE-73", "name": "External Control of File Name or Path" }, "discovery_date": "2019-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1776943" } ], "notes": [ { "category": "description", "text": "A vulnerability in Ansible\u0027s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.", "title": "Vulnerability description" }, { "category": "summary", "text": "Ansible: malicious code could craft filename in nxos_file_copy module", "title": "Vulnerability summary" }, { "category": "other", "text": "Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.\n\nRed Hat Gluster Storage 3 and Red Hat Ceph Storage 3 no longer maintain their own version of Ansible. Therefore this fix will be consumed directly from core Ansible.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14905" }, { "category": "external", "summary": "RHBZ#1776943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14905", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14905" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14905", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14905" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-01-23T16:46:55+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0217" }, { "category": "workaround", "details": "There is no mitigation for this issue, the flaw can only be resolved by applying updates.", "product_ids": [ "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.noarch", "7Server-Ansible-2.7:ansible-0:2.7.16-1.el7ae.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Ansible: malicious code could craft filename in nxos_file_copy module" } ] }
rhsa-2020_0218
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for ansible is now available for Ansible Engine 2\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.9.4)\n\nBug Fix(es):\n* CVE-2019-14904 Ansible: vulnerability in solaris_zone module via crafted\nsolaris zone\n* CVE-2019-14905 Ansible: malicious code could craft filename in\nnxos_file_copy module\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.9.4/changelogs/CHANGELOG-v2.9.rst\nfor details on bug fixes in this release.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0218", "url": "https://access.redhat.com/errata/RHSA-2020:0218" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1776943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776943" }, { "category": "external", "summary": "1776944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0218.json" } ], "title": "Red Hat Security Advisory: Ansible security and bug fix update (2.9.4)", "tracking": { "current_release_date": "2024-11-15T04:14:34+00:00", "generator": { "date": "2024-11-15T04:14:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0218", "initial_release_date": "2020-01-23T16:50:20+00:00", "revision_history": [ { "date": "2020-01-23T16:50:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-01-23T16:50:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:14:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Ansible Engine 2 for RHEL 7", "product": { "name": "Red Hat Ansible Engine 2 for RHEL 7", "product_id": "7Server-Ansible-2", "product_identification_helper": { "cpe": "cpe:/a:redhat:ansible_engine:2::el7" } } }, { "category": "product_name", "name": "Red Hat Ansible Engine 2 for RHEL 8", "product": { "name": "Red Hat Ansible Engine 2 for RHEL 8", "product_id": "8Base-Ansible-2", "product_identification_helper": { "cpe": "cpe:/a:redhat:ansible_engine:2::el8" } } } ], "category": "product_family", "name": "Red Hat Ansible Engine" }, { "branches": [ { "category": "product_version", "name": "ansible-0:2.9.4-1.el7ae.noarch", "product": { "name": "ansible-0:2.9.4-1.el7ae.noarch", "product_id": "ansible-0:2.9.4-1.el7ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.9.4-1.el7ae?arch=noarch" } } }, { "category": "product_version", "name": "ansible-test-0:2.9.4-1.el7ae.noarch", "product": { "name": "ansible-test-0:2.9.4-1.el7ae.noarch", "product_id": "ansible-test-0:2.9.4-1.el7ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-test@2.9.4-1.el7ae?arch=noarch" } } }, { "category": "product_version", "name": "ansible-0:2.9.4-1.el8ae.noarch", "product": { "name": "ansible-0:2.9.4-1.el8ae.noarch", "product_id": "ansible-0:2.9.4-1.el8ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.9.4-1.el8ae?arch=noarch" } } }, { "category": "product_version", "name": "ansible-test-0:2.9.4-1.el8ae.noarch", "product": { "name": "ansible-test-0:2.9.4-1.el8ae.noarch", "product_id": "ansible-test-0:2.9.4-1.el8ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-test@2.9.4-1.el8ae?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ansible-0:2.9.4-1.el7ae.src", "product": { "name": "ansible-0:2.9.4-1.el7ae.src", "product_id": "ansible-0:2.9.4-1.el7ae.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.9.4-1.el7ae?arch=src" } } }, { "category": "product_version", "name": "ansible-0:2.9.4-1.el8ae.src", "product": { "name": "ansible-0:2.9.4-1.el8ae.src", "product_id": "ansible-0:2.9.4-1.el8ae.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.9.4-1.el8ae?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.9.4-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7", "product_id": "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.noarch" }, "product_reference": "ansible-0:2.9.4-1.el7ae.noarch", "relates_to_product_reference": "7Server-Ansible-2" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.9.4-1.el7ae.src as a component of Red Hat Ansible Engine 2 for RHEL 7", "product_id": "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.src" }, "product_reference": "ansible-0:2.9.4-1.el7ae.src", "relates_to_product_reference": "7Server-Ansible-2" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-test-0:2.9.4-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7", "product_id": "7Server-Ansible-2:ansible-test-0:2.9.4-1.el7ae.noarch" }, "product_reference": "ansible-test-0:2.9.4-1.el7ae.noarch", "relates_to_product_reference": "7Server-Ansible-2" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.9.4-1.el8ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 8", "product_id": "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.noarch" }, "product_reference": "ansible-0:2.9.4-1.el8ae.noarch", "relates_to_product_reference": "8Base-Ansible-2" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.9.4-1.el8ae.src as a component of Red Hat Ansible Engine 2 for RHEL 8", "product_id": "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.src" }, "product_reference": "ansible-0:2.9.4-1.el8ae.src", "relates_to_product_reference": "8Base-Ansible-2" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-test-0:2.9.4-1.el8ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 8", "product_id": "8Base-Ansible-2:ansible-test-0:2.9.4-1.el8ae.noarch" }, "product_reference": "ansible-test-0:2.9.4-1.el8ae.noarch", "relates_to_product_reference": "8Base-Ansible-2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Abhijeet Kasurde" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14904", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2019-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1776944" } ], "notes": [ { "category": "description", "text": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host.", "title": "Vulnerability description" }, { "category": "summary", "text": "Ansible: vulnerability in solaris_zone module via crafted solaris zone", "title": "Vulnerability summary" }, { "category": "other", "text": "Because a flaw exploit would depend on the use of Solaris and Red Hat does not support RHOSP on Solaris, the RHOSP Ansible package will not be updated at this time.\n\nAnsible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.4-1.el8ae.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14904" }, { "category": "external", "summary": "RHBZ#1776944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14904", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-01-23T16:50:20+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.4-1.el8ae.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0218" }, { "category": "workaround", "details": "Currently, there is no mitigation for this issue.", "product_ids": [ "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.4-1.el8ae.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" }, "products": [ "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.4-1.el8ae.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Ansible: vulnerability in solaris_zone module via crafted solaris zone" }, { "acknowledgments": [ { "names": [ "Abhijeet Kasurde" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14905", "cwe": { "id": "CWE-73", "name": "External Control of File Name or Path" }, "discovery_date": "2019-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1776943" } ], "notes": [ { "category": "description", "text": "A vulnerability in Ansible\u0027s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.", "title": "Vulnerability description" }, { "category": "summary", "text": "Ansible: malicious code could craft filename in nxos_file_copy module", "title": "Vulnerability summary" }, { "category": "other", "text": "Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.\n\nRed Hat Gluster Storage 3 and Red Hat Ceph Storage 3 no longer maintain their own version of Ansible. Therefore this fix will be consumed directly from core Ansible.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.4-1.el8ae.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14905" }, { "category": "external", "summary": "RHBZ#1776943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14905", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14905" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14905", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14905" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-01-23T16:50:20+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.4-1.el8ae.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0218" }, { "category": "workaround", "details": "There is no mitigation for this issue, the flaw can only be resolved by applying updates.", "product_ids": [ "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.4-1.el8ae.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2:ansible-test-0:2.9.4-1.el8ae.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Ansible: malicious code could craft filename in nxos_file_copy module" } ] }
rhsa-2020_0215
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for ansible is now available for Ansible Engine 2.9\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.9.4)\n\nBug Fix(es):\n* CVE-2019-14904 Ansible: vulnerability in solaris_zone module via crafted\nsolaris zone\n* CVE-2019-14905 Ansible: malicious code could craft filename in\nnxos_file_copy module\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.9.4/changelogs/CHANGELOG-v2.9.rst\nfor details on bug fixes in this release.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0215", "url": "https://access.redhat.com/errata/RHSA-2020:0215" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1776943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776943" }, { "category": "external", "summary": "1776944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0215.json" } ], "title": "Red Hat Security Advisory: Ansible security and bug fix update (2.9.4)", "tracking": { "current_release_date": "2024-11-15T04:15:17+00:00", "generator": { "date": "2024-11-15T04:15:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0215", "initial_release_date": "2020-01-23T16:50:10+00:00", "revision_history": [ { "date": "2020-01-23T16:50:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-01-23T16:50:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:15:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Ansible Engine 2.9 for RHEL 7 Server", "product": { "name": "Red Hat Ansible Engine 2.9 for RHEL 7 Server", "product_id": "7Server-Ansible-2.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:ansible_engine:2.9::el7" } } }, { "category": "product_name", "name": "Red Hat Ansible Engine 2.9 for RHEL 8", "product": { "name": "Red Hat Ansible Engine 2.9 for RHEL 8", "product_id": "8Base-Ansible-2.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:ansible_engine:2.9::el8" } } } ], "category": "product_family", "name": "Red Hat Ansible Engine" }, { "branches": [ { "category": "product_version", "name": "ansible-0:2.9.4-1.el7ae.noarch", "product": { "name": "ansible-0:2.9.4-1.el7ae.noarch", "product_id": "ansible-0:2.9.4-1.el7ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.9.4-1.el7ae?arch=noarch" } } }, { "category": "product_version", "name": "ansible-test-0:2.9.4-1.el7ae.noarch", "product": { "name": "ansible-test-0:2.9.4-1.el7ae.noarch", "product_id": "ansible-test-0:2.9.4-1.el7ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-test@2.9.4-1.el7ae?arch=noarch" } } }, { "category": "product_version", "name": "ansible-0:2.9.4-1.el8ae.noarch", "product": { "name": "ansible-0:2.9.4-1.el8ae.noarch", "product_id": "ansible-0:2.9.4-1.el8ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.9.4-1.el8ae?arch=noarch" } } }, { "category": "product_version", "name": "ansible-test-0:2.9.4-1.el8ae.noarch", "product": { "name": "ansible-test-0:2.9.4-1.el8ae.noarch", "product_id": "ansible-test-0:2.9.4-1.el8ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-test@2.9.4-1.el8ae?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ansible-0:2.9.4-1.el7ae.src", "product": { "name": "ansible-0:2.9.4-1.el7ae.src", "product_id": "ansible-0:2.9.4-1.el7ae.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.9.4-1.el7ae?arch=src" } } }, { "category": "product_version", "name": "ansible-0:2.9.4-1.el8ae.src", "product": { "name": "ansible-0:2.9.4-1.el8ae.src", "product_id": "ansible-0:2.9.4-1.el8ae.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.9.4-1.el8ae?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.9.4-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", "product_id": "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.noarch" }, "product_reference": "ansible-0:2.9.4-1.el7ae.noarch", "relates_to_product_reference": "7Server-Ansible-2.9" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.9.4-1.el7ae.src as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", "product_id": "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.src" }, "product_reference": "ansible-0:2.9.4-1.el7ae.src", "relates_to_product_reference": "7Server-Ansible-2.9" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-test-0:2.9.4-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 7 Server", "product_id": "7Server-Ansible-2.9:ansible-test-0:2.9.4-1.el7ae.noarch" }, "product_reference": "ansible-test-0:2.9.4-1.el7ae.noarch", "relates_to_product_reference": "7Server-Ansible-2.9" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.9.4-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 8", "product_id": "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.noarch" }, "product_reference": "ansible-0:2.9.4-1.el8ae.noarch", "relates_to_product_reference": "8Base-Ansible-2.9" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.9.4-1.el8ae.src as a component of Red Hat Ansible Engine 2.9 for RHEL 8", "product_id": "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.src" }, "product_reference": "ansible-0:2.9.4-1.el8ae.src", "relates_to_product_reference": "8Base-Ansible-2.9" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-test-0:2.9.4-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.9 for RHEL 8", "product_id": "8Base-Ansible-2.9:ansible-test-0:2.9.4-1.el8ae.noarch" }, "product_reference": "ansible-test-0:2.9.4-1.el8ae.noarch", "relates_to_product_reference": "8Base-Ansible-2.9" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Abhijeet Kasurde" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14904", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2019-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1776944" } ], "notes": [ { "category": "description", "text": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host.", "title": "Vulnerability description" }, { "category": "summary", "text": "Ansible: vulnerability in solaris_zone module via crafted solaris zone", "title": "Vulnerability summary" }, { "category": "other", "text": "Because a flaw exploit would depend on the use of Solaris and Red Hat does not support RHOSP on Solaris, the RHOSP Ansible package will not be updated at this time.\n\nAnsible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.4-1.el8ae.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14904" }, { "category": "external", "summary": "RHBZ#1776944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14904", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-01-23T16:50:10+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.4-1.el8ae.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0215" }, { "category": "workaround", "details": "Currently, there is no mitigation for this issue.", "product_ids": [ "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.4-1.el8ae.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" }, "products": [ "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.4-1.el8ae.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Ansible: vulnerability in solaris_zone module via crafted solaris zone" }, { "acknowledgments": [ { "names": [ "Abhijeet Kasurde" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14905", "cwe": { "id": "CWE-73", "name": "External Control of File Name or Path" }, "discovery_date": "2019-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1776943" } ], "notes": [ { "category": "description", "text": "A vulnerability in Ansible\u0027s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.", "title": "Vulnerability description" }, { "category": "summary", "text": "Ansible: malicious code could craft filename in nxos_file_copy module", "title": "Vulnerability summary" }, { "category": "other", "text": "Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.\n\nRed Hat Gluster Storage 3 and Red Hat Ceph Storage 3 no longer maintain their own version of Ansible. Therefore this fix will be consumed directly from core Ansible.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.4-1.el8ae.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14905" }, { "category": "external", "summary": "RHBZ#1776943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14905", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14905" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14905", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14905" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-01-23T16:50:10+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.4-1.el8ae.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0215" }, { "category": "workaround", "details": "There is no mitigation for this issue, the flaw can only be resolved by applying updates.", "product_ids": [ "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.4-1.el8ae.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.noarch", "7Server-Ansible-2.9:ansible-0:2.9.4-1.el7ae.src", "7Server-Ansible-2.9:ansible-test-0:2.9.4-1.el7ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.noarch", "8Base-Ansible-2.9:ansible-0:2.9.4-1.el8ae.src", "8Base-Ansible-2.9:ansible-test-0:2.9.4-1.el8ae.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Ansible: malicious code could craft filename in nxos_file_copy module" } ] }
rhsa-2020_0216
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for ansible is now available for Ansible Engine 2.8\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.8.8)\n\nBug Fix(es):\n* CVE-2019-14904 Ansible: vulnerability in solaris_zone module via crafted\nsolaris zone\n* CVE-2019-14905 Ansible: malicious code could craft filename in\nnxos_file_copy module\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.8.8/changelogs/CHANGELOG-v2.8.rst\nfor details on bug fixes in this release.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0216", "url": "https://access.redhat.com/errata/RHSA-2020:0216" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1776943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776943" }, { "category": "external", "summary": "1776944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0216.json" } ], "title": "Red Hat Security Advisory: Ansible security and bug fix update (2.8.8)", "tracking": { "current_release_date": "2024-11-15T04:14:26+00:00", "generator": { "date": "2024-11-15T04:14:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0216", "initial_release_date": "2020-01-23T16:50:14+00:00", "revision_history": [ { "date": "2020-01-23T16:50:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-01-23T16:50:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:14:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Ansible Engine 2.8 for RHEL 7 Server", "product": { "name": "Red Hat Ansible Engine 2.8 for RHEL 7 Server", "product_id": "7Server-Ansible-2.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:ansible_engine:2.8::el7" } } }, { "category": "product_name", "name": "Red Hat Ansible Engine 2.8 for RHEL 8", "product": { "name": "Red Hat Ansible Engine 2.8 for RHEL 8", "product_id": "8Base-Ansible-2.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:ansible_engine:2.8::el8" } } } ], "category": "product_family", "name": "Red Hat Ansible Engine" }, { "branches": [ { "category": "product_version", "name": "ansible-0:2.8.8-1.el7ae.noarch", "product": { "name": "ansible-0:2.8.8-1.el7ae.noarch", "product_id": "ansible-0:2.8.8-1.el7ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.8.8-1.el7ae?arch=noarch" } } }, { "category": "product_version", "name": "ansible-0:2.8.8-1.el8ae.noarch", "product": { "name": "ansible-0:2.8.8-1.el8ae.noarch", "product_id": "ansible-0:2.8.8-1.el8ae.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.8.8-1.el8ae?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ansible-0:2.8.8-1.el7ae.src", "product": { "name": "ansible-0:2.8.8-1.el7ae.src", "product_id": "ansible-0:2.8.8-1.el7ae.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.8.8-1.el7ae?arch=src" } } }, { "category": "product_version", "name": "ansible-0:2.8.8-1.el8ae.src", "product": { "name": "ansible-0:2.8.8-1.el8ae.src", "product_id": "ansible-0:2.8.8-1.el8ae.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible@2.8.8-1.el8ae?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.8.8-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.8 for RHEL 7 Server", "product_id": "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.noarch" }, "product_reference": "ansible-0:2.8.8-1.el7ae.noarch", "relates_to_product_reference": "7Server-Ansible-2.8" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.8.8-1.el7ae.src as a component of Red Hat Ansible Engine 2.8 for RHEL 7 Server", "product_id": "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.src" }, "product_reference": "ansible-0:2.8.8-1.el7ae.src", "relates_to_product_reference": "7Server-Ansible-2.8" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.8.8-1.el8ae.noarch as a component of Red Hat Ansible Engine 2.8 for RHEL 8", "product_id": "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.noarch" }, "product_reference": "ansible-0:2.8.8-1.el8ae.noarch", "relates_to_product_reference": "8Base-Ansible-2.8" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-0:2.8.8-1.el8ae.src as a component of Red Hat Ansible Engine 2.8 for RHEL 8", "product_id": "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.src" }, "product_reference": "ansible-0:2.8.8-1.el8ae.src", "relates_to_product_reference": "8Base-Ansible-2.8" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Abhijeet Kasurde" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14904", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2019-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1776944" } ], "notes": [ { "category": "description", "text": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host.", "title": "Vulnerability description" }, { "category": "summary", "text": "Ansible: vulnerability in solaris_zone module via crafted solaris zone", "title": "Vulnerability summary" }, { "category": "other", "text": "Because a flaw exploit would depend on the use of Solaris and Red Hat does not support RHOSP on Solaris, the RHOSP Ansible package will not be updated at this time.\n\nAnsible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14904" }, { "category": "external", "summary": "RHBZ#1776944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14904", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-01-23T16:50:14+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0216" }, { "category": "workaround", "details": "Currently, there is no mitigation for this issue.", "product_ids": [ "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" }, "products": [ "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Ansible: vulnerability in solaris_zone module via crafted solaris zone" }, { "acknowledgments": [ { "names": [ "Abhijeet Kasurde" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-14905", "cwe": { "id": "CWE-73", "name": "External Control of File Name or Path" }, "discovery_date": "2019-11-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1776943" } ], "notes": [ { "category": "description", "text": "A vulnerability in Ansible\u0027s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.", "title": "Vulnerability description" }, { "category": "summary", "text": "Ansible: malicious code could craft filename in nxos_file_copy module", "title": "Vulnerability summary" }, { "category": "other", "text": "Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.\n\nRed Hat Gluster Storage 3 and Red Hat Ceph Storage 3 no longer maintain their own version of Ansible. Therefore this fix will be consumed directly from core Ansible.\n\nIn Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14905" }, { "category": "external", "summary": "RHBZ#1776943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14905", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14905" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14905", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14905" } ], "release_date": "2019-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-01-23T16:50:14+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0216" }, { "category": "workaround", "details": "There is no mitigation for this issue, the flaw can only be resolved by applying updates.", "product_ids": [ "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.noarch", "7Server-Ansible-2.8:ansible-0:2.8.8-1.el7ae.src", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.noarch", "8Base-Ansible-2.8:ansible-0:2.8.8-1.el8ae.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Ansible: malicious code could craft filename in nxos_file_copy module" } ] }
wid-sec-w-2023-2482
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Ansible ist eine Software zur Automatisierung von Cloud Provisionierung,\r\nzum Konfigurationsmanagement und zur Anwendungsbereitstellung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Ansible ausnutzen, um beliebigen Programmcode auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2482 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-2482.json" }, { "category": "self", "summary": "WID-SEC-2023-2482 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2482" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASANSIBLE2-2023-009 vom 2023-09-27", "url": "https://alas.aws.amazon.com/AL2/ALASANSIBLE2-2023-009.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0215 vom 2020-01-23", "url": "https://access.redhat.com/errata/RHSA-2020:0215" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0218 vom 2020-01-23", "url": "https://access.redhat.com/errata/RHSA-2020:0218" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0216 vom 2020-01-23", "url": "https://access.redhat.com/errata/RHSA-2020:0216" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0217 vom 2020-01-23", "url": "https://access.redhat.com/errata/RHSA-2020:0217" }, { "category": "external", "summary": "RedHat Customer Portal vom 2019-12-08", "url": "https://access.redhat.com/security/cve/CVE-2019-14904" }, { "category": "external", "summary": "RedHat Customer Portal vom 2019-12-08", "url": "https://access.redhat.com/security/cve/CVE-2019-14905" }, { "category": "external", "summary": "RedHat Customer Portal vom 2019-12-08", "url": "https://www.cybersecurity-help.cz/vdb/SB2019120801" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:3309-1 vom 2020-11-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007763.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-2535 vom 2021-01-27", "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-4950 vom 2021-08-07", "url": "https://www.debian.org/security/2021/dsa-4950" } ], "source_lang": "en-US", "title": "Ansible: Mehrere Schwachstellen erm\u00f6glichen Ausf\u00fchren von beliebigem Programmcode", "tracking": { "current_release_date": "2023-09-27T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:45:45.262+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2482", "initial_release_date": "2019-12-08T23:00:00.000+00:00", "revision_history": [ { "date": "2019-12-08T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2020-01-20T23:00:00.000+00:00", "number": "2", "summary": "Referenz(en) aufgenommen: FEDORA-2020-CAF7F7D0D9, FEDORA-2020-2BED89517F" }, { "date": "2020-01-23T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-11-12T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-01-27T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2021-08-08T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2023-09-27T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Amazon aufgenommen" } ], "status": "final", "version": "7" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Open Source Ansible 2.7.x", "product": { "name": "Open Source Ansible 2.7.x", "product_id": "T015468", "product_identification_helper": { "cpe": "cpe:/a:open_source:ansible:2.7.x" } } }, { "category": "product_name", "name": "Open Source Ansible 2.8.x", "product": { "name": "Open Source Ansible 2.8.x", "product_id": "T015469", "product_identification_helper": { "cpe": "cpe:/a:open_source:ansible:2.8.x" } } }, { "category": "product_name", "name": "Open Source Ansible 2.9.x", "product": { "name": "Open Source Ansible 2.9.x", "product_id": "T015470", "product_identification_helper": { "cpe": "cpe:/a:open_source:ansible:2.9.x" } } } ], "category": "product_name", "name": "Ansible" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-14904", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Ansible aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung bei der Verarbeitung von Zonennamen innerhalb des \"solaris_zone\" Moduls. Ein entfernter authentisierter Angreifer kann einen speziell gestalteten Zonennamen als Parameter f\u00fcr den \"os.system()\" Aufruf angeben und beliebige Betriebssystembefehle auf dem Zielsystem ausf\u00fchren." } ], "product_status": { "known_affected": [ "T015470", "2951", "T002207", "67646", "T015469", "T015468", "398363" ] }, "release_date": "2019-12-08T23:00:00Z", "title": "CVE-2019-14904" }, { "cve": "CVE-2019-14905", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Ansible. Diese besteht aufgrund einer falschen Validierung von Dateinamen innerhalb des Moduls \"nxos_file_copy\" beim Kopieren von Dateien in einen Flash oder Bootflash auf NXOS-Ger\u00e4ten mit dem Parameter \"remote_file\". Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebige Betriebssystembefehle auf dem System mit erh\u00f6hten Rechten einzubauen und auszuf\u00fchren." } ], "product_status": { "known_affected": [ "T015470", "2951", "T002207", "67646", "T015469", "T015468", "398363" ] }, "release_date": "2019-12-08T23:00:00Z", "title": "CVE-2019-14905" } ] }
ghsa-gwr8-5j83-483c
Vulnerability from github
8.3 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "ansible" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.7.16" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "PyPI", "name": "ansible" }, "ranges": [ { "events": [ { "introduced": "2.8.0a1" }, { "fixed": "2.8.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "PyPI", "name": "ansible" }, "ranges": [ { "events": [ { "introduced": "2.9.0a1" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2019-14904" ], "database_specific": { "cwe_ids": [ "CWE-20", "CWE-78" ], "github_reviewed": true, "github_reviewed_at": "2021-04-05T13:24:57Z", "nvd_published_at": "2020-08-26T03:15:00Z", "severity": "HIGH" }, "details": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "id": "GHSA-gwr8-5j83-483c", "modified": "2024-09-06T20:14:42Z", "published": "2021-04-20T16:44:22Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14904" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/pull/65686" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-gwr8-5j83-483c" }, { "type": "PACKAGE", "url": "https://github.com/ansible/ansible" }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "type": "WEB", "url": "https://www.debian.org/security/2021/dsa-4950" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L", "type": "CVSS_V4" } ], "summary": "OS Command Injection and Improper Input Validation in ansible" }
gsd-2019-14904
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2019-14904", "description": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "id": "GSD-2019-14904", "references": [ "https://www.suse.com/security/cve/CVE-2019-14904.html", "https://www.debian.org/security/2021/dsa-4950", "https://access.redhat.com/errata/RHSA-2020:0218", "https://access.redhat.com/errata/RHSA-2020:0217", "https://access.redhat.com/errata/RHSA-2020:0216", "https://access.redhat.com/errata/RHSA-2020:0215", "https://advisories.mageia.org/CVE-2019-14904.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-14904" ], "details": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "id": "GSD-2019-14904", "modified": "2023-12-13T01:23:52.862001Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-14904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ansible", "version": { "version_data": [ { "version_value": "All versions before ansible-engine 2.9.4, before ansible-engine 2.8.8 and before ansible-engine 2.7.16" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 leads to CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "name": "https://github.com/ansible/ansible/pull/65686", "refsource": "MISC", "url": "https://github.com/ansible/ansible/pull/65686" }, { "name": "[debian-lts-announce] 20210127 [SECURITY] [DLA 2535-1] ansible security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "name": "DSA-4950", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4950" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c2.7.15||\u003e=2.8.0,\u003c2.8.7||\u003e=2.9.0,\u003c2.9.2", "affected_versions": "All versions before 2.7.15, all versions starting from 2.8.0 before 2.8.7, all versions starting from 2.9.0 before 2.9.2", "cvss_v2": "AV:L/AC:L/Au:N/C:C/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-78", "CWE-937" ], "date": "2020-08-28", "description": "A flaw was found in the `solaris_zone` module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the `ps` bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine as well as previous versions are affected.", "fixed_versions": [ "2.7.15", "2.8.7", "2.9.2" ], "identifier": "CVE-2019-14904", "identifiers": [ "CVE-2019-14904" ], "not_impacted": "All versions starting from 2.7.15 before 2.8.0, all versions starting from 2.8.7 before 2.9.0, all versions starting from 2.9.2", "package_slug": "pypi/ansible", "pubdate": "2020-08-26", "solution": "Upgrade to versions 2.7.15, 2.8.7, 2.9.2 or above.", "title": "OS Command Injection", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-14904", "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" ], "uuid": "70fda99b-3ddd-41c0-baad-2ea18983ac2e" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.7", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.2", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-14904" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-78" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ansible/ansible/pull/65686", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/ansible/ansible/pull/65686" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944", "refsource": "MISC", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "name": "[debian-lts-announce] 20210127 [SECURITY] [DLA 2535-1] ansible security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "name": "DSA-4950", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4950" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 5.3 } }, "lastModifiedDate": "2022-04-22T18:53Z", "publishedDate": "2020-08-26T03:15Z" } } }
pysec-2020-161
Vulnerability from pysec
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "ansible", "purl": "pkg:pypi/ansible" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.7.15" }, { "introduced": "2.8.0" }, { "fixed": "2.8.7" }, { "introduced": "2.9.0" }, { "fixed": "2.9.2" } ], "type": "ECOSYSTEM" } ], "versions": [ "1.0", "1.1", "1.2", "1.2.1", "1.2.2", "1.2.3", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.4", "1.4.1", "1.4.2", "1.4.3", "1.4.4", "1.4.5", "1.5", "1.5.1", "1.5.2", "1.5.3", "1.5.4", "1.5.5", "1.6", "1.6.1", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7", "1.7.1", "1.7.2", "1.8", "1.8.1", "1.8.2", "1.8.3", "1.8.4", "1.9.0", "1.9.0.1", "1.9.1", "1.9.2", "1.9.3", "1.9.4", "1.9.5", "1.9.6", "2.0.0.0", "2.0.0", "2.0.0.1", "2.0.0.2", "2.0.1.0", "2.0.2.0", "2.1.0.0", "2.1.1.0", "2.1.2.0", "2.1.3.0", "2.1.4.0", "2.1.5.0", "2.1.6.0", "2.2.0.0", "2.2.1.0", "2.2.2.0", "2.2.3.0", "2.3.0.0", "2.3.1.0", "2.3.2.0", "2.3.3.0", "2.4.0.0", "2.4.1.0", "2.4.2.0", "2.4.3.0", "2.4.4.0", "2.4.5.0", "2.4.6.0", "2.5.0a1", "2.5.0b1", "2.5.0b2", "2.5.0rc1", "2.5.0rc2", "2.5.0rc3", "2.5.0", "2.5.1", "2.5.2", "2.5.3", "2.5.4", "2.5.5", "2.5.6", "2.5.7", "2.5.8", "2.5.9", "2.5.10", "2.5.11", "2.5.12", "2.5.13", "2.5.14", "2.5.15", "2.6.0a1", "2.6.0a2", "2.6.0rc1", "2.6.0rc2", "2.6.0rc3", "2.6.0rc4", "2.6.0rc5", "2.6.0", "2.6.1", "2.6.2", "2.6.3", "2.6.4", "2.6.5", "2.6.6", "2.6.7", "2.6.8", "2.6.9", "2.6.10", "2.6.11", "2.6.12", "2.6.13", "2.6.14", "2.6.15", "2.6.16", "2.6.17", "2.6.18", "2.6.19", "2.6.20", "2.7.0.dev0", "2.7.0a1", "2.7.0b1", "2.7.0rc1", "2.7.0rc2", "2.7.0rc3", "2.7.0rc4", "2.7.0", "2.7.1", "2.7.2", "2.7.3", "2.7.4", "2.7.5", "2.7.6", "2.7.7", "2.7.8", "2.7.9", "2.7.10", "2.7.11", "2.7.12", "2.7.13", "2.7.14", "2.8.0", "2.8.1", "2.8.2", "2.8.3", "2.8.4", "2.8.5", "2.8.6", "2.9.0", "2.9.1" ] } ], "aliases": [ "CVE-2019-14904", "GHSA-gwr8-5j83-483c" ], "details": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the \u0027ps\u0027 bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "id": "PYSEC-2020-161", "modified": "2021-01-28T18:00:00Z", "published": "2020-08-26T03:15:00Z", "references": [ { "type": "WEB", "url": "https://github.com/ansible/ansible/pull/65686" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-gwr8-5j83-483c" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.