Alpine: multiple ansible packages: security update to 2.7.16-r0

high Tenable Self-Hosted Container Security Plugin ID 403500

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not
respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks
results events to collectors. This would discloses and collects any sensitive data. (CVE-2019-14864)

- A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for
the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command
on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and
executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as
previous versions are affected. (CVE-2019-14904)

- A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before
2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or
bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command
injections. This could result in a loss of confidentiality of the system among other issues.
(CVE-2019-14905)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-14864

https://security.alpinelinux.org/vuln/CVE-2019-14904

https://security.alpinelinux.org/vuln/CVE-2019-14905

Plugin Details

Severity: High

ID: 403500

Version: Revision 1.29

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Percentile: 56.69

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:P/A:P

CVSS Score Source: CVE-2019-14904

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/20/2019

Reference Information

CVE: CVE-2019-14864, CVE-2019-14904, CVE-2019-14905