A vulnerability was found in Ansible Engine versions 2.9.x prior to 2.9.3, 2.8.x prior to 2.8.8, 2.7.x prior to 2.7.16 and previous versions, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat ansible engine |
||
redhat cloudforms management engine 5.0 |
||
redhat ceph storage 3.0 |
||
redhat ansible tower 3.0.0 |
||
redhat openstack 13 |
||
fedoraproject fedora 30 |
||
opensuse leap 15.1 |
||
opensuse backports sle 15.0 |