VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-d982-kvmd-pyae

Essentials
Severities (61)
References (53)
Severity details (37)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-d982-kvmd-pyae
Aliases	CVE-2019-14864 GHSA-3m93-m4q6-mc6v PYSEC-2020-160
Summary	Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-532	Insertion of Sensitive Information into Log File
CWE-117	Improper Output Neutralization for Logs
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	6.5	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
cvssv3.1	6.5	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
cvssv3	5.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14864.json
epss	0.00935	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.00935	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.00935	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.00935	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.00935	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.00935	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.00935	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.00935	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.00935	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.00935	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2019-14864
cvssv3.1	6.5	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864
cvssv3.1	6.5	https://github.com/advisories/GHSA-3m93-m4q6-mc6v
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-3m93-m4q6-mc6v
generic_textual	MODERATE	https://github.com/advisories/GHSA-3m93-m4q6-mc6v
cvssv3.1	6.5	https://github.com/ansible/ansible
generic_textual	MODERATE	https://github.com/ansible/ansible
cvssv3.1	6.5	https://github.com/ansible/ansible/commit/050f92f96054bf59e283fdec9972323c2ed00348
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/050f92f96054bf59e283fdec9972323c2ed00348
cvssv3.1	6.5	https://github.com/ansible/ansible/commit/75288a89d0053d6df35c90863fb6c9542d89850e
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/75288a89d0053d6df35c90863fb6c9542d89850e
cvssv3.1	6.5	https://github.com/ansible/ansible/commit/a0ec2976b2716cdecdd7a8f416d96406acd79b7c
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/a0ec2976b2716cdecdd7a8f416d96406acd79b7c
cvssv3.1	6.5	https://github.com/ansible/ansible/commit/c76e074e4c71c7621a1ca8159261c1959b5287af
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/c76e074e4c71c7621a1ca8159261c1959b5287af
cvssv3.1	6.5	https://github.com/ansible/ansible/issues/63522
generic_textual	MODERATE	https://github.com/ansible/ansible/issues/63522
cvssv3.1	6.5	https://github.com/ansible/ansible/pull/63527
generic_textual	MODERATE	https://github.com/ansible/ansible/pull/63527
cvssv3.1	6.5	https://github.com/ansible/ansible/pull/64273
generic_textual	MODERATE	https://github.com/ansible/ansible/pull/64273
cvssv3.1	6.5	https://github.com/ansible/ansible/pull/64274
generic_textual	MODERATE	https://github.com/ansible/ansible/pull/64274
cvssv3.1	6.5	https://github.com/ansible/ansible/pull/64748
generic_textual	MODERATE	https://github.com/ansible/ansible/pull/64748
cvssv3.1	6.5	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-160.yaml
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-160.yaml
cvssv2	4.0	https://nvd.nist.gov/vuln/detail/CVE-2019-14864
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2019-14864
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2019-14864
cvssv3.1	6.5	https://www.debian.org/security/2021/dsa-4950
generic_textual	MODERATE	https://www.debian.org/security/2021/dsa-4950

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
		http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14864.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-14864
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228
		https://github.com/advisories/GHSA-3m93-m4q6-mc6v
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/commit/050f92f96054bf59e283fdec9972323c2ed00348
		https://github.com/ansible/ansible/commit/75288a89d0053d6df35c90863fb6c9542d89850e
		https://github.com/ansible/ansible/commit/a0ec2976b2716cdecdd7a8f416d96406acd79b7c
		https://github.com/ansible/ansible/commit/c76e074e4c71c7621a1ca8159261c1959b5287af
		https://github.com/ansible/ansible/issues/63522
		https://github.com/ansible/ansible/pull/63527
		https://github.com/ansible/ansible/pull/64273
		https://github.com/ansible/ansible/pull/64274
		https://github.com/ansible/ansible/pull/64748
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-160.yaml
		https://nvd.nist.gov/vuln/detail/CVE-2019-14864
		https://www.debian.org/security/2021/dsa-4950
1764148		https://bugzilla.redhat.com/show_bug.cgi?id=1764148
943768		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943768
cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
cpe:2.3:a:redhat:ansible::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible::::::::
cpe:2.3:a:redhat:ansible_tower:3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:3.0:::::::*
cpe:2.3:a:redhat:ceph_storage:3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:3.0:::::::*
cpe:2.3:a:redhat:cloudforms_management_engine:5.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
RHSA-2019:3925		https://access.redhat.com/errata/RHSA-2019:3925
RHSA-2019:3926		https://access.redhat.com/errata/RHSA-2019:3926
RHSA-2019:3927		https://access.redhat.com/errata/RHSA-2019:3927
RHSA-2019:3928		https://access.redhat.com/errata/RHSA-2019:3928

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14864.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/advisories/GHSA-3m93-m4q6-mc6v

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/050f92f96054bf59e283fdec9972323c2ed00348

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/75288a89d0053d6df35c90863fb6c9542d89850e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/a0ec2976b2716cdecdd7a8f416d96406acd79b7c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/c76e074e4c71c7621a1ca8159261c1959b5287af

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/issues/63522

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/63527

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/64273

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/64274

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/64748

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-160.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14864

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14864

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2021/dsa-4950

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.75288
EPSS Score	0.00935
Published At	Sept. 9, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:08:04.766077+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2020-160.yaml	37.0.0