ALPINE-CVE-2019-14905 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2019-14905 PUBLISHED CVSS 5.599999904632568 MEDIUM

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

Risk Scores

CVSS v3.1

5.599999904632568

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Affected Products

Vendor	Product	Versions
Alpine:v3.14	ansible-base	1.8.2-r0, 1.8.4-r0, 1.9.2-r1
Alpine:v3.11	ansible	2.8.6-r2, 0, 0.3.1-r0
Alpine:v3.9	ansible	2.7.14-r0, 2.7.13-r0, 2.7.12-r0
Alpine:v3.10	ansible	2.3.2.0-r0, 0.4-r0, 0.5-r0
Alpine:v3.13	ansible-base	0.3.1-r0, 0.4-r0, 0.5-r0
Alpine:v3.12	ansible	2.9.2-r1, 2.9.2-r0, 2.9.1-r0

Timeline

Mar 31, 2020 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2019-14905 advisory

Open in Interactive Console →