CVE-2019-14856 — Improper Authentication in Redhat Ansible

CWE-287 — Improper Authentication12 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 42.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Opensuse Backports SLE Opensuse Leap +1 more

Timeline

PublishedNov 26

Latest updateMay 24

Description

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶NVDredhat/ansible2.6.0 — 2.6.20+2

▶PyPIredhat/ansible2.8.0 — 2.8.6+2

▶Alpineredhat/ansible< 2.8.6-r0+4

▶NVDopensuse/leap15.1

▶NVDredhat/openstack13

🔴Vulnerability Details

OSV

Ansible password prompts could expose passwords↗2022-05-24

▶

GHSA

Ansible password prompts could expose passwords↗2022-05-24

▶

OSV

CVE-2019-14856: ansible before versions 2↗2019-11-26

▶

CVEList

CVE-2019-14856: ansible before versions 2↗2019-11-26

▶

📋Vendor Advisories

Red Hat

ansible: Incomplete fix for CVE-2019-10206↗2019-10-08

▶

Debian

CVE-2019-14856: ansible - ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None↗2019

▶

💬Community

Bugzilla

CVE-2019-14856 ansible: Incomplete fix for CVE-2019-10206 [epel-7]↗2019-11-22

▶

Bugzilla

CVE-2019-14856 ansible: Incomplete fix for CVE-2019-10206 [openstack-rdo]↗2019-11-22

▶

Bugzilla

CVE-2019-14856 ansible: Incomplete fix for CVE-2019-10206 [epel-6]↗2019-11-22

▶

Bugzilla

CVE-2019-14856 ansible: Incomplete fix for CVE-2019-10206 [fedora-all]↗2019-11-22

▶

Bugzilla

CVE-2019-14856 ansible: Incomplete fix for CVE-2019-10206↗2019-10-11

▶