VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-z25c-x91u-aaag

Essentials
Severities (127)
References (41)
Severity details (37)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-z25c-x91u-aaag
Aliases	CVE-2020-14365 GHSA-m429-fhmv-c6q2 PYSEC-2020-209
Summary	A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-347	Improper Verification of Cryptographic Signature
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2020:3600
rhas	Important	https://access.redhat.com/errata/RHSA-2020:3601
rhas	Important	https://access.redhat.com/errata/RHSA-2020:3602
cvssv3	6.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14365.json
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.0008	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.0008	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00342	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2020-14365
cvssv3.1	7.1	https://bugzilla.redhat.com/show_bug.cgi?id=1869154
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=1869154
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=1869154
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
cvssv3.1	6.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.1	https://github.com/advisories/GHSA-m429-fhmv-c6q2
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-m429-fhmv-c6q2
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-m429-fhmv-c6q2
generic_textual	MODERATE	https://github.com/advisories/GHSA-m429-fhmv-c6q2
cvssv3.1	5.0	https://github.com/ansible/ansible
cvssv3.1	7.1	https://github.com/ansible/ansible
generic_textual	MODERATE	https://github.com/ansible/ansible
cvssv3.1	7.1	https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275
generic_textual	HIGH	https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275
cvssv3.1	7.1	https://github.com/ansible/ansible/commit/1fa2d5fd6b768120b76a77929e27302b06accc0c
generic_textual	HIGH	https://github.com/ansible/ansible/commit/1fa2d5fd6b768120b76a77929e27302b06accc0c
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/1fa2d5fd6b768120b76a77929e27302b06accc0c
cvssv3.1	7.1	https://github.com/ansible/ansible/commit/9bea33ffa3be3d64827f59882d95b817cfab9b7e
generic_textual	HIGH	https://github.com/ansible/ansible/commit/9bea33ffa3be3d64827f59882d95b817cfab9b7e
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/9bea33ffa3be3d64827f59882d95b817cfab9b7e
cvssv3.1	7.1	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-209.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-209.yaml
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-209.yaml
cvssv2	6.6	https://nvd.nist.gov/vuln/detail/CVE-2020-14365
cvssv3	7.1	https://nvd.nist.gov/vuln/detail/CVE-2020-14365
cvssv3.1	7.1	https://nvd.nist.gov/vuln/detail/CVE-2020-14365
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2020-14365
cvssv3.1	7.1	https://www.debian.org/security/2021/dsa-4950
cvssv3.1	7.5	https://www.debian.org/security/2021/dsa-4950
generic_textual	HIGH	https://www.debian.org/security/2021/dsa-4950
generic_textual	MODERATE	https://www.debian.org/security/2021/dsa-4950

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14365.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-14365
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10156
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10206
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14864
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14904
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10684
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10685
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14330
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14332
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14365
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1733
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1740
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1753
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20228
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275
		https://github.com/ansible/ansible/commit/1fa2d5fd6b768120b76a77929e27302b06accc0c
		https://github.com/ansible/ansible/commit/9bea33ffa3be3d64827f59882d95b817cfab9b7e
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-209.yaml
		https://www.debian.org/security/2021/dsa-4950
1869154		https://bugzilla.redhat.com/show_bug.cgi?id=1869154
cpe:2.3:a:redhat:ansible_engine::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine::::::::
cpe:2.3:a:redhat:ansible_tower::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower::::::::
cpe:2.3:a:redhat:ansible_tower:3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:3.0:::::::*
cpe:2.3:a:redhat:ceph_storage:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:2.0:::::::*
cpe:2.3:a:redhat:ceph_storage:3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:3.0:::::::*
cpe:2.3:a:redhat:openstack_platform:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_platform:10.0:::::::*
cpe:2.3:a:redhat:openstack_platform:13.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_platform:13.0:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2020-14365		https://nvd.nist.gov/vuln/detail/CVE-2020-14365
GHSA-m429-fhmv-c6q2		https://github.com/advisories/GHSA-m429-fhmv-c6q2
RHSA-2020:3600		https://access.redhat.com/errata/RHSA-2020:3600
RHSA-2020:3601		https://access.redhat.com/errata/RHSA-2020:3601
RHSA-2020:3602		https://access.redhat.com/errata/RHSA-2020:3602

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14365.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1869154

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/advisories/GHSA-m429-fhmv-c6q2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/ansible/ansible/commit/1fa2d5fd6b768120b76a77929e27302b06accc0c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/ansible/ansible/commit/9bea33ffa3be3d64827f59882d95b817cfab9b7e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-209.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14365

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14365

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14365

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4950

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2021/dsa-4950

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.13628
EPSS Score	0.00044
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.