CVE-2019-14904
Description
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the module checks the zone name by listing processes with a bare ps command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands on the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
Risk Information
Base Score
7.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
EPSS Score
Exploitation Probability
0.041
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-14904, CVE-2019-14905 are fixed in Python-ansible 2.7.16 | Windows |
| Vulnerabilities CVE-2019-14904, CVE-2019-14905 are fixed in Python-ansible 2.8.8 | Windows |
| Vulnerabilities CVE-2019-14904, CVE-2019-14905 are fixed in Python-ansible 2.9.3 | Windows |
| ansible security update (DSA-4950-1) ansible_2.7.7+dfsg-1+deb10u1_all.deb | Linux |
| ansible security update (DSA-4950-1) Debian_ansible_2.7.7+dfsg-1+deb10u1_all.deb | Linux |
| Vulnerabilities CVE-2019-14904, CVE-2019-14905 are fixed in Python-ansible for linux 2.7.16 | Linux |
| Vulnerabilities CVE-2019-14904, CVE-2019-14905 are fixed in Python-ansible for linux 2.8.8 | Linux |
| Vulnerabilities CVE-2019-14904, CVE-2019-14905 are fixed in Python-ansible for linux 2.9.3 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234