CVE-2014-4678 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Vendor	Product	Version
redhat	ansible	𝑥 < 1.6.4
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ansible

bullseye	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 fixed
bookworm	7.7.0+dfsg-3+deb12u1 fixed
sid	10.5.0+dfsg-2 fixed
trixie	10.5.0+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

ansible

jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	not-affected
bionic	not-affected
artful	not-affected
zesty	ignored
yakkety	ignored
xenial	not-affected
wily	ignored
vivid	ignored
utopic	ignored
trusty	Fixed 1.5.4+dfsg-1ubuntu0.1~esm2 released
saucy	ignored
precise	dne
lucid	dne

Common Weakness Enumeration

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References

https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916

https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ

https://security-tracker.debian.org/tracker/CVE-2014-4678

https://www.openwall.com/lists/oss-security/2014/06/26/30

https://www.openwall.com/lists/oss-security/2014/07/02/2

https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5

https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678

https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916

https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ

https://security-tracker.debian.org/tracker/CVE-2014-4678

https://www.openwall.com/lists/oss-security/2014/06/26/30

https://www.openwall.com/lists/oss-security/2014/07/02/2

https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5

https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678