Astra Linux – Vulnerability in Ansible

A vulnerability was discovered in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, and 2.7.x before 2.7.16 and earlier. In these versions, the nxosfilecopy module of Ansible can be used to copy files to the flash or bootflash on NXOS devices. Malicious code could manipulate the...

Amazon Linux 2 : ansible (ALASANSIBLE2-2023-009)

The version of ansible installed on the remote host is prior to 2.9.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-009 advisory. A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone o...

openSUSE Security Update : ansible (openSUSE-2020-513)

This update for ansible to version 2.9.6 fixes the following issues : Security issues fixed : - CVE-2019-14904: Fixed a vulnerability in solariszone module via crafted solaris zone boo1157968. - CVE-2019-14905: Fixed an issue where malicious code could craft filename in nxosfilecopy module...

Security update for ansible (moderate)

openSUSE Security Update: Security update for ansible Announcement ID: openSUSE-SU-2020:0513-1 Rating: moderate References: 1137479 1142542 1142690 1144453 1153452 1154231 1154232 1154830 1157968 1157969 Cross-References: CVE-2019-10206 CVE-2019-10217 CVE-2019-14846 CVE-2019-14856 CVE-2019-14858...

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

CVE-2019-14905

The CVE-2019-14905 issue affects Ansible Engine’s nxos_file_copy module, where the filename parameter could be crafted to inject OS commands on NXOS devices. This is a local attack with potential confidentiality, integrity, and availability impacts as described (loss of confidentiality, etc.). Af...

Moderate: Red Hat Security Advisory: Ansible security and bug fix update (2.8.8)

An update for ansible is now available for Ansible Engine 2.8 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

Moderate: Red Hat Security Advisory: Ansible security and bug fix update (2.9.4)

An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

Moderate: Red Hat Security Advisory: Ansible security and bug fix update (2.7.16)

An update for ansible is now available for Ansible Engine 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

OS Command Injection

Ansible is vulnerable to OS command injection. The attack is possible because the module nxosfilecopy does not validate the remotefile parameter and directly uses the filenames from the parameter to copy files to a flash or bootflash on NXOS devices, allowing an attacker to inject malicious comma...

CVE-2019-14905

A vulnerability in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. Mitigation There...