ALPINE-CVE-2019-14905

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2019-14905

Published: 31 Mar 2020, 17:15

Last modified:19 Nov 2025, 06:15

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.6 MEDIUM

3.1 (osv_alpine)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

31 Mar 2020, 17:15

Published

Vulnerability first disclosed

19 Nov 2025, 06:15

Last Modified

Vulnerability information updated

Description

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

CVSS Metrics

v3.1•MEDIUM•Score: 5.6CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Affected Systems

alpine•ansible
< 2.8.8-r0 | < 2.9.3-r0 | < 2.9.3-r0 | < 2.7.16-r0
alpine•ansible-base
< 2.9.3-r0 | < 2.9.3-r0

References (1)

https://security.alpinelinux.org/vuln/CVE-2019-14905