VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-zk4f-r19r-aaap

Essentials
Severities (124)
References (26)
Severity details (28)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-zk4f-r19r-aaap
Aliases	CVE-2019-14858 GHSA-h653-95qw-h2mp PYSEC-2019-171
Summary	A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-532	Insertion of Sensitive Information into Log File
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-117	Improper Output Neutralization for Logs

System	Score	Found at
cvssv3.1	5.6	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
cvssv3.1	5.6	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
generic_textual	Low	http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14858.html
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3201
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3202
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3203
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3207
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0756
cvssv3	5.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2019-14858
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1760593
cvssv3.1	5.5	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14858
cvssv3	2.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-h653-95qw-h2mp
cvssv3.1	5.0	https://github.com/ansible/ansible
generic_textual	MODERATE	https://github.com/ansible/ansible
cvssv3.1	5.5	https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b
cvssv3.1	5.5	https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb
cvssv3.1	5.5	https://github.com/ansible/ansible/commit/87f8d77d70476454f7fe2381bd363a329ce4266c
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/87f8d77d70476454f7fe2381bd363a329ce4266c
cvssv3.1	5.5	https://github.com/ansible/ansible/commit/f610ed3a4eb87eb557200606279796921fa9b722
generic_textual	MODERATE	https://github.com/ansible/ansible/commit/f610ed3a4eb87eb557200606279796921fa9b722
cvssv3.1	5.5	https://github.com/ansible/ansible/pull/63405
generic_textual	MODERATE	https://github.com/ansible/ansible/pull/63405
cvssv3.1	5.5	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-171.yaml
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-171.yaml
cvssv2	2.1	https://nvd.nist.gov/vuln/detail/CVE-2019-14858
cvssv3	5.5	https://nvd.nist.gov/vuln/detail/CVE-2019-14858
cvssv3.1	5.5	https://nvd.nist.gov/vuln/detail/CVE-2019-14858

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
		http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14858.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-14858
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14858
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b
		https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb
		https://github.com/ansible/ansible/commit/87f8d77d70476454f7fe2381bd363a329ce4266c
		https://github.com/ansible/ansible/commit/f610ed3a4eb87eb557200606279796921fa9b722
		https://github.com/ansible/ansible/pull/63405
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-171.yaml
1760593		https://bugzilla.redhat.com/show_bug.cgi?id=1760593
942332		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942332
cpe:2.3:a:redhat:ansible_engine::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine::::::::
cpe:2.3:a:redhat:ansible_tower::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower::::::::
CVE-2019-14858		https://nvd.nist.gov/vuln/detail/CVE-2019-14858
GHSA-h653-95qw-h2mp		https://github.com/advisories/GHSA-h653-95qw-h2mp
RHSA-2019:3201		https://access.redhat.com/errata/RHSA-2019:3201
RHSA-2019:3202		https://access.redhat.com/errata/RHSA-2019:3202
RHSA-2019:3203		https://access.redhat.com/errata/RHSA-2019:3203
RHSA-2019:3207		https://access.redhat.com/errata/RHSA-2019:3207
RHSA-2020:0756		https://access.redhat.com/errata/RHSA-2020:0756

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L Found at http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L Found at http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/87f8d77d70476454f7fe2381bd363a329ce4266c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/f610ed3a4eb87eb557200606279796921fa9b722

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/63405

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-171.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14858

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14858

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14858

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.09954
EPSS Score	0.00037
Published At	June 1, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.