CVE-2019-14904
Description
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2019-14904 is a command injection vulnerability in Ansible's solaris_zone module due to insufficient validation of zone names.
Vulnerability
Description
The vulnerability resides in the solaris_zone module from the Ansible Community modules. When setting the name for a zone on a Solaris host, the module checks the zone name by listing processes with a bare ps command on the remote machine. No input validation is performed on the zone name, allowing an attacker to inject arbitrary commands by crafting a malicious zone name [1][2].
Exploitation
An attacker with the ability to specify a zone name (e.g., through a playbook or ad-hoc command) can inject shell metacharacters into the name. The module executes the ps command with the unsanitized zone name, leading to command injection on the remote Solaris host. No authentication is required beyond the privileges needed to run Ansible tasks on the target [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary commands on the remote host with the privileges of the Ansible process. This can lead to full compromise of the Solaris system, including data exfiltration, installation of backdoors, or lateral movement within the network [1][2].
Mitigation
The vulnerability affects Ansible Engine versions 2.7.15, 2.8.7, 2.9.2, and earlier. A fix was implemented in pull request #65686, which adds input validation to restrict zone names to valid characters as per Solaris Zone documentation [4]. Users should upgrade to patched versions or apply the workaround of manually validating zone names before use [1][4].
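One way to do the manual validation mentioned above, as an added example (not code from the Ansible project): it applies the character and length rules of the fix regex to zone names in already-parsed playbook tasks, using fullmatch() so that a trailing newline is rejected too. The function names, the task layout and the sample tasks are assumptions constructed for illustration.

```python
import re

# Character and length rules taken from the regex in the fix commits on this
# page. fullmatch() is used instead of match() with '$', because '$' also
# matches just before a trailing newline.
ZONE_NAME_RE = re.compile(r"[a-zA-Z0-9][-_.a-zA-Z0-9]{0,62}")
MAX_LEN = 63  # 1 leading character + up to 62 more, as in the fix regex


def zone_name_problems(name):
    """Return the reasons a zone name is rejected (empty list if it is valid)."""
    if not isinstance(name, str) or not name:
        return ["name must be a non-empty string"]
    problems = []
    if not re.fullmatch(r"[a-zA-Z0-9]", name[0]):
        problems.append("must begin with an alphanumeric character")
    bad = sorted({c for c in name if not re.fullmatch(r"[-_.a-zA-Z0-9]", c)})
    if bad:
        problems.append("disallowed characters: " + ", ".join(map(repr, bad)))
    if len(name) > MAX_LEN:
        problems.append("longer than %d characters" % MAX_LEN)
    return problems


def is_valid_zone_name(name):
    """Single-regex form of the same rules."""
    return isinstance(name, str) and ZONE_NAME_RE.fullmatch(name) is not None


def fix_regex_accepts(name):
    """The check exactly as written in the fix commits, for comparison."""
    return re.match('^[a-zA-Z0-9][-_.a-zA-Z0-9]{0,62}$', name) is not None


def audit_tasks(tasks):
    """Map task title -> problems for every solaris_zone task in parsed tasks."""
    findings = {}
    for task in tasks:
        args = task.get("solaris_zone")
        if not isinstance(args, dict):
            continue
        title = task.get("name", "<unnamed task>")
        name = args.get("name")
        if isinstance(name, str) and "{{" in name:
            # Jinja2 expression: the value is only known at run time.
            findings[title] = ["templated name; validate the rendered value"]
            continue
        problems = zone_name_problems(name)
        if problems:
            findings[title] = problems
    return findings


# Constructed sample: tasks as they would look after YAML parsing.
SAMPLE_TASKS = [
    {"name": "create web zone", "solaris_zone": {"name": "web01", "state": "present"}},
    {"name": "zone from survey", "solaris_zone": {"name": "{{ survey_zone }}"}},
    {"name": "pasted name", "solaris_zone": {"name": "db01\n"}},
    {"name": "odd name", "solaris_zone": {"name": "app 01;x"}},
    {"name": "unrelated", "command": "uptime"},
]

if __name__ == "__main__":
    for title, problems in audit_tasks(SAMPLE_TASKS).items():
        print(title, "->", "; ".join(problems))
    print("fix regex accepts 'db01\\n':", fix_regex_accepts("db01\n"))
```

Templated names are only flagged here; the rendered value still has to pass the same check at run time, which is what upgrading to a patched release enforces inside the module.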
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ansible (PyPI) | < 2.7.16 | 2.7.16 |
| ansible (PyPI) | >= 2.8.0a1, < 2.8.8 | 2.8.8 |
| ansible (PyPI) | >= 2.9.0a1, < 2.9.3 | 2.9.3 |
Affected products
- Ansible Community/solaris_zone module
Patches
a1b0f72c98b4 [2.9] solaris_zone: Allow only valid characters in zone name
2 files changed · +15 −0
changelogs/fragments/solaris_zone_name_fix.yml+5 −0 added@@ -0,0 +1,5 @@ +bugfixes: +- "**SECURITY** - CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that. + However, there is no user input validation done while performing actions. A malicious user could provide a + crafted zone name which allows executing commands into the server manipulating the module behaviour. Adding + user input validation as per Solaris Zone documentation fixes this issue."
lib/ansible/modules/system/solaris_zone.py+10 −0 modified@@ -43,6 +43,10 @@ name: description: - Zone name. + - A zone name must be unique name. + - A zone name must begin with an alpha-numeric character. + - The name can contain alpha-numeric characters, underbars I(_), hyphens I(-), and periods I(.). + - The name cannot be longer than 64 characters. type: str required: true path: @@ -147,6 +151,7 @@ import os import platform +import re import tempfile import time @@ -183,6 +188,11 @@ def __init__(self, module): if int(self.os_minor) < 10: self.module.fail_json(msg='This module requires Solaris 10 or later') + match = re.match('^[a-zA-Z0-9][-_.a-zA-Z0-9]{0,62}$', self.name) + if not match: + self.module.fail_json(msg="Provided zone name is not a valid zone name. " + "Please refer documentation for correct zone name specifications.") + def configure(self): if not self.path: self.module.fail_json(msg='Missing required argument: path')
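Review bot: In the __init__ hunk of solaris_zone.py the pattern ends in '$', which in Python also matches just before a trailing newline, so a name consisting of valid characters followed by a newline still passes re.match('^[a-zA-Z0-9][-_.a-zA-Z0-9]{0,62}$', self.name). Anchor the end with '\Z' (or use re.fullmatch where the supported Python versions allow it) so that only the documented characters are accepted; the leading '^' is redundant with re.match and can be dropped.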
589a415f887b [2.8] solaris_zone: Allow only valid characters in zone name
2 files changed · +15 −0
changelogs/fragments/solaris_zone_name_fix.yml+5 −0 added@@ -0,0 +1,5 @@ +bugfixes: +- "**SECURITY** - CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that. + However, there is no user input validation done while performing actions. A malicious user could provide a + crafted zone name which allows executing commands into the server manipulating the module behaviour. Adding + user input validation as per Solaris Zone documentation fixes this issue."
lib/ansible/modules/system/solaris_zone.py+10 −0 modified@@ -43,6 +43,10 @@ name: description: - Zone name. + - A zone name must be unique name. + - A zone name must begin with an alpha-numeric character. + - The name can contain alpha-numeric characters, underbars I(_), hyphens I(-), and periods I(.). + - The name cannot be longer than 64 characters. type: str required: true path: @@ -147,6 +151,7 @@ import os import platform +import re import tempfile import time @@ -183,6 +188,11 @@ def __init__(self, module): if int(self.os_minor) < 10: self.module.fail_json(msg='This module requires Solaris 10 or later') + match = re.match('^[a-zA-Z0-9][-_.a-zA-Z0-9]{0,62}$', self.name) + if not match: + self.module.fail_json(msg="Provided zone name is not a valid zone name. " + "Please refer documentation for correct zone name specifications.") + def configure(self): if not self.path: self.module.fail_json(msg='Missing required argument: path')
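Review bot: The documentation hunk of solaris_zone.py states "The name cannot be longer than 64 characters", but the check added in __init__ accepts one leading character plus '{0,62}', which is at most 63 characters. Make the documented limit and the regex agree, and reword "A zone name must be unique name." to "A zone name must be unique."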
6a86650109b8 [2.7] solaris_zone: Allow only valid characters in zone name
2 files changed · +16 −0
changelogs/fragments/solaris_zone_name_fix.yml+5 −0 added@@ -0,0 +1,5 @@ +bugfixes: +- "**SECURITY** - CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that. + However, there is no user input validation done while performing actions. A malicious user could provide a + crafted zone name which allows executing commands into the server manipulating the module behaviour. Adding + user input validation as per Solaris Zone documentation fixes this issue."
lib/ansible/modules/system/solaris_zone.py+11 −0 modified@@ -41,6 +41,11 @@ name: description: - Zone name. + - A zone name must be unique name. + - A zone name must begin with an alpha-numeric character. + - The name can contain alpha-numeric characters, underbars I(_), hyphens I(-), and periods I(.). + - The name cannot be longer than 64 characters. + type: str required: true path: description: @@ -137,6 +142,7 @@ import os import platform +import re import tempfile import time @@ -173,6 +179,11 @@ def __init__(self, module): if int(self.os_minor) < 10: self.module.fail_json(msg='This module requires Solaris 10 or later') + match = re.match('^[a-zA-Z0-9][-_.a-zA-Z0-9]{0,62}$', self.name) + if not match: + self.module.fail_json(msg="Provided zone name is not a valid zone name. " + "Please refer documentation for correct zone name specifications.") + def configure(self): if not self.path: self.module.fail_json(msg='Missing required argument: path')
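Review bot: The fail_json message added in the __init__ hunk ("Provided zone name is not a valid zone name. Please refer documentation ...") does not say which rule was broken or repeat the allowed characters, and the commit changes only the changelog fragment and the module, so nothing tests the new check. Include the accepted character set and length limit in the message, and add a unit test covering a name at the length boundary and a name with a character outside the allowed set.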
References
- github.com/advisories/GHSA-gwr8-5j83-483c (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-14904 (ADVISORY)
- www.debian.org/security/2021/dsa-4950 (vendor advisory, WEB)
- bugzilla.redhat.com/show_bug.cgi (WEB)
- github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69 (WEB)
- github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907 (WEB)
- github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8 (WEB)
- github.com/ansible/ansible/pull/65686 (WEB)
- github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml (WEB)
- lists.debian.org/debian-lts-announce/2021/01/msg00023.html (mailing list, WEB)