Search for vulnerabilities
Vulnerability details: VCID-s1sn-6wq8-j3cd
Vulnerability ID VCID-s1sn-6wq8-j3cd
Aliases CVE-2019-14904
GHSA-gwr8-5j83-483c
PYSEC-2020-161
Summary A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-20 Improper Input Validation
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2019-14904
cvssv3.1 7.3 https://bugzilla.redhat.com/show_bug.cgi?id=1776944
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=1776944
cvssv3.1 7.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.3 https://github.com/advisories/GHSA-gwr8-5j83-483c
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-gwr8-5j83-483c
generic_textual HIGH https://github.com/advisories/GHSA-gwr8-5j83-483c
cvssv3.1 7.3 https://github.com/ansible/ansible
generic_textual HIGH https://github.com/ansible/ansible
cvssv3.1 7.3 https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69
generic_textual HIGH https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69
cvssv3.1 7.3 https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907
generic_textual HIGH https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907
cvssv3.1 7.3 https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8
generic_textual HIGH https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8
cvssv3.1 7.3 https://github.com/ansible/ansible/pull/65686
generic_textual HIGH https://github.com/ansible/ansible/pull/65686
cvssv3.1 7.3 https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml
cvssv3.1 7.3 https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
cvssv2 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-14904
cvssv3.1 7.3 https://nvd.nist.gov/vuln/detail/CVE-2019-14904
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2019-14904
cvssv3.1 7.3 https://www.debian.org/security/2021/dsa-4950
generic_textual HIGH https://www.debian.org/security/2021/dsa-4950
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json
https://api.first.org/data/v1/epss?cve=CVE-2019-14904
https://bugzilla.redhat.com/show_bug.cgi?id=1776944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/advisories/GHSA-gwr8-5j83-483c
https://github.com/ansible/ansible
https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69
https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907
https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8
https://github.com/ansible/ansible/pull/65686
https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2019-14904
https://www.debian.org/security/2021/dsa-4950
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
RHSA-2020:0215 https://access.redhat.com/errata/RHSA-2020:0215
RHSA-2020:0217 https://access.redhat.com/errata/RHSA-2020:0217
USN-7330-1 https://usn.ubuntu.com/7330-1/
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=1776944
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/advisories/GHSA-gwr8-5j83-483c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/ansible/ansible
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/ansible/ansible/pull/65686
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:L/Au:N/C:C/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14904
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14904
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://www.debian.org/security/2021/dsa-4950
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.11386
EPSS Score 0.0004
Published At Sept. 12, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:10.251479+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2020-161.yaml 37.0.0