What is CVE-2019-14904?

CVE-2019-14904 is a vulnerability in Ansible, classified under Improper Input Validation. Published 2020-08-25.

Is CVE-2019-14904 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Ansible

CVE-2019-14904

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An at…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.000 (11.4th percentile) — read the EPSS interpretation.

Affected products

N/a Ansible — versions All versions before ansible-engine 2.9.4, before ansible-engine 2.8.8 and before ansible-engine 2.7.16

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

n0-traces/cve_

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
github.com/ansible/ansible/pull/65686 (x_refsource_MISC)
[debian-lts-announce] 20210127 [SECURITY] [DLA 2535-1] ansible security update (mailing-list, x_refsource_MLIST)
DSA-4950 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2019-14904?: CVE-2019-14904 is a vulnerability in Ansible, classified under Improper Input Validation. Published 2020-08-25.
Is CVE-2019-14904 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.