CVE-2019-14904

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-14904
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14904.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-14904
Aliases
Downstream
Related
Published
2020-08-26T03:15:11.830Z
Modified
2026-04-11T12:10:48.142076Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVSS Calculator
Summary
[none]
Details

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0623dedf2d9c4afc09e5be30d3ef249f9d1ebece
Introduced
2611867fd1dc387ceaa0ffb8ce0f030aafc2a859
Fixed
24220a618a6d5cd3b5c99f8c7f7771661ed08d33
Introduced
24325a05dfb9104d6d4ec8b488b89e07c2e6d376
Fixed
f2285203dc96384e77012137aa5e5f200be6446c
Database specific 
{
    "cpe": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.7.15"
        },
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.8.7"
        },
        {
            "introduced": "2.9.0"
        },
        {
            "fixed": "2.9.2"
        }
    ]
}

Affected versions

0.*
0.0.1
0.01
0.3
0.7
v1.*
v1.0
v1.1
v1.2
v1.4.0
v1.6.0
v2.*
v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.6.0a1
v2.7.0
v2.7.0.a1
v2.7.0b1
v2.7.0rc1
v2.7.0rc2
v2.7.0rc3
v2.7.0rc4
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.9.0
v2.9.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14904.json"