VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ucre-31md-aaad

Essentials
Severities (129)
References (51)
Severity details (37)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-ucre-31md-aaad
Aliases	CVE-2019-14846 GHSA-pm48-cvv2-29q5 PYSEC-2019-4 PYSEC-2019-74
Summary	In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-532	Insertion of Sensitive Information into Log File
CWE-117	Improper Output Neutralization for Logs
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	5.6	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
cvssv3.1	5.6	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
generic_textual	Low	http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14846.html
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3201
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3202
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3203
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3207
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0756
cvssv3	7.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.0006	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00074	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-14846
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=1755373
cvssv3.1	7.8	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
cvssv3	2.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-pm48-cvv2-29q5
cvssv3.1	5.0	https://github.com/ansible/ansible
generic_textual	MODERATE	https://github.com/ansible/ansible
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4
generic_textual	HIGH	https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb2993034
generic_textual	HIGH	https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb2993034
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b
generic_textual	HIGH	https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b
cvssv3.1	7.8	https://github.com/ansible/ansible/pull/63366
generic_textual	HIGH	https://github.com/ansible/ansible/pull/63366
cvssv3.1	7.8	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml
cvssv3.1	4.7	https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
generic_textual	MODERATE	https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
cvssv3.1	7.3	https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
cvssv2	2.1	https://nvd.nist.gov/vuln/detail/CVE-2019-14846
cvssv3	7.8	https://nvd.nist.gov/vuln/detail/CVE-2019-14846
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2019-14846
cvssv3.1	7.5	https://www.debian.org/security/2021/dsa-4950
generic_textual	HIGH	https://www.debian.org/security/2021/dsa-4950

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
		http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14846.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-14846
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4
		https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb2993034
		https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b
		https://github.com/ansible/ansible/pull/63366
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml
		https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
		https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
		https://www.debian.org/security/2021/dsa-4950
1755373		https://bugzilla.redhat.com/show_bug.cgi?id=1755373
942188		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942188
cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
cpe:2.3:a:redhat:ansible_engine::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine::::::::
cpe:2.3:a:redhat:openstack:13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
CVE-2019-14846		https://nvd.nist.gov/vuln/detail/CVE-2019-14846
GHSA-pm48-cvv2-29q5		https://github.com/advisories/GHSA-pm48-cvv2-29q5
RHSA-2019:3201		https://access.redhat.com/errata/RHSA-2019:3201
RHSA-2019:3202		https://access.redhat.com/errata/RHSA-2019:3202
RHSA-2019:3203		https://access.redhat.com/errata/RHSA-2019:3203
RHSA-2019:3207		https://access.redhat.com/errata/RHSA-2019:3207
RHSA-2020:0756		https://access.redhat.com/errata/RHSA-2020:0756
USN-7330-1		https://usn.ubuntu.com/7330-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L Found at http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L Found at http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb2993034

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/pull/63366

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14846

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14846

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14846

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2021/dsa-4950

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.1259
EPSS Score	0.00043
Published At	May 1, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.