VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-smfv-6q3x-qkcz

Essentials
Severities (64)
References (32)
Severity details (36)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-smfv-6q3x-qkcz
Aliases	CVE-2019-3828 GHSA-74vq-h4q8-x6jv PYSEC-2019-5
Summary	Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
Status	Published
Exploitability	0.5
Weighted Severity	3.8
Risk	1.9
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	4.2	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
generic_textual	LOW	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
cvssv3.1	4.2	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
generic_textual	LOW	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
cvssv3.1	4.2	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
generic_textual	LOW	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
cvssv3.1	4.2	http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html
generic_textual	LOW	http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html
cvssv3.1	4.2	https://access.redhat.com/errata/RHSA-2019:3744
generic_textual	LOW	https://access.redhat.com/errata/RHSA-2019:3744
cvssv3.1	4.2	https://access.redhat.com/errata/RHSA-2019:3789
generic_textual	LOW	https://access.redhat.com/errata/RHSA-2019:3789
cvssv3	4.2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3828.json
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-3828
cvssv3.1	4.2	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828
generic_textual	LOW	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828
cvssv3	4.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	4.2	https://github.com/advisories/GHSA-74vq-h4q8-x6jv
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-74vq-h4q8-x6jv
generic_textual	LOW	https://github.com/advisories/GHSA-74vq-h4q8-x6jv
cvssv3.1	4.2	https://github.com/ansible/ansible
generic_textual	LOW	https://github.com/ansible/ansible
cvssv3.1	4.2	https://github.com/ansible/ansible/commit/396a2f74717477d80600450e2b7e45349d7b5110
generic_textual	LOW	https://github.com/ansible/ansible/commit/396a2f74717477d80600450e2b7e45349d7b5110
cvssv3.1	4.2	https://github.com/ansible/ansible/commit/4be3215d2f9f84ca283895879f0c6ce1ed7dd333
generic_textual	LOW	https://github.com/ansible/ansible/commit/4be3215d2f9f84ca283895879f0c6ce1ed7dd333
cvssv3.1	4.2	https://github.com/ansible/ansible/commit/f3edc091523fbe301926b7a0db25fbbd96940d93
generic_textual	LOW	https://github.com/ansible/ansible/commit/f3edc091523fbe301926b7a0db25fbbd96940d93
cvssv3.1	4.2	https://github.com/ansible/ansible/pull/52133
generic_textual	LOW	https://github.com/ansible/ansible/pull/52133
cvssv3.1	4.2	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-5.yaml
generic_textual	LOW	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-5.yaml
cvssv2	3.3	https://nvd.nist.gov/vuln/detail/CVE-2019-3828
cvssv3.1	4.2	https://nvd.nist.gov/vuln/detail/CVE-2019-3828
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2019-3828
cvssv3.1	4.2	https://usn.ubuntu.com/4072-1
generic_textual	LOW	https://usn.ubuntu.com/4072-1

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
		http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
		http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
		http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html
		https://access.redhat.com/errata/RHSA-2019:3744
		https://access.redhat.com/errata/RHSA-2019:3789
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3828.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-3828
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/advisories/GHSA-74vq-h4q8-x6jv
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/commit/396a2f74717477d80600450e2b7e45349d7b5110
		https://github.com/ansible/ansible/commit/4be3215d2f9f84ca283895879f0c6ce1ed7dd333
		https://github.com/ansible/ansible/commit/f3edc091523fbe301926b7a0db25fbbd96940d93
		https://github.com/ansible/ansible/pull/52133
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-5.yaml
		https://nvd.nist.gov/vuln/detail/CVE-2019-3828
		https://usn.ubuntu.com/4072-1
		https://usn.ubuntu.com/4072-1/
1676689		https://bugzilla.redhat.com/show_bug.cgi?id=1676689
922537		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922537
cpe:2.3:a:redhat:ansible::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible::::::::
RHSA-2019:0430		https://access.redhat.com/errata/RHSA-2019:0430
RHSA-2019:0431		https://access.redhat.com/errata/RHSA-2019:0431
RHSA-2019:0432		https://access.redhat.com/errata/RHSA-2019:0432
RHSA-2019:0433		https://access.redhat.com/errata/RHSA-2019:0433

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2019:3744

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2019:3789

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3828.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/advisories/GHSA-74vq-h4q8-x6jv

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/ansible/ansible/commit/396a2f74717477d80600450e2b7e45349d7b5110

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/ansible/ansible/commit/4be3215d2f9f84ca283895879f0c6ce1ed7dd333

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/ansible/ansible/commit/f3edc091523fbe301926b7a0db25fbbd96940d93

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/ansible/ansible/pull/52133

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-5.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-3828

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-3828

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://usn.ubuntu.com/4072-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.10645
EPSS Score	0.00039
Published At	Sept. 9, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:07:29.774280+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2019-5.yaml	37.0.0