Candidate: CVE-2014-4967
PublicDate: 2020-02-18 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4967
 https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
 http://www.openwall.com/lists/oss-security/2014/07/22
Description:
 Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow
 remote attackers to execute arbitrary code by leveraging access to an
 Ansible managed host and providing a crafted fact, as demonstrated by a
 fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or
 (3) a trailing " validate=" clause accompanied by a shell command.
Ubuntu-Description:
 It was discovered that Ansible mishandled certain input. A remote attacker
 could use this to execute arbitrary code.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_ansible:
 upstream: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
upstream_ansible: released (1.6.8+dfsg-1)
lucid_ansible: DNE
precise_ansible: DNE
precise/esm_ansible: DNE
trusty_ansible: ignored (out of standard support)
trusty/esm_ansible: released (1.5.4+dfsg-1ubuntu0.1~esm2)
utopic_ansible: ignored (reached end-of-life)
vivid_ansible: ignored (reached end-of-life)
vivid/stable-phone-overlay_ansible: DNE
vivid/ubuntu-core_ansible: DNE
wily_ansible: ignored (reached end-of-life)
xenial_ansible: not-affected (2.0.0.2-2ubuntu1)
yakkety_ansible: ignored (reached end-of-life)
zesty_ansible: ignored (reached end-of-life)
artful_ansible: ignored (reached end-of-life)
bionic_ansible: not-affected (2.5.1+dfsg-1)
cosmic_ansible: not-affected (2.6.1+dfsg-1)
disco_ansible: not-affected (2.6.1+dfsg-1)
eoan_ansible: not-affected (2.6.1+dfsg-1)
focal_ansible: not-affected (2.6.1+dfsg-1)
groovy_ansible: not-affected (2.6.1+dfsg-1)
hirsute_ansible: not-affected (2.6.1+dfsg-1)
impish_ansible: not-affected (2.6.1+dfsg-1)
jammy_ansible: not-affected (2.6.1+dfsg-1)
devel_ansible: not-affected (2.6.1+dfsg-1)