← Back

CVE-2018-10875

nvd nist
Published: Jul 13, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

Affected (19)

Show all products
Redhat: Ansible Engine, Ceph Storage, Gluster Storage, Openshift, Openstack, Virtualization, Virtualization Host · Debian: Debian Linux · Suse: Package Hub · Canonical: Ubuntu Linux
Redhat
7 products
Ansible Engine
Ceph Storage
Gluster Storage
Openshift
Openstack
Virtualization
Virtualization Host
Debian
1 product
Debian Linux
Suse
1 product
Package Hub
Canonical
1 product
Ubuntu Linux
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Ansible Engine
Version 2.0
Ansible Engine
Version 2.4
Ansible Engine
Version 2.5
Ansible Engine
Version 2.6
Redhat
Ceph Storage
Version 2.0
Ceph Storage
Version 3.0
Gluster Storage
Version 3.0.0
Openshift
Version 3.0
Redhat
Openstack
Version 10
Openstack
Version 12
Openstack
Version 13
Virtualization
Version 4.0
Virtualization Host
Version 4.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Package Hub
All versions
Running on/withPlatform Versions
Suse
Suse Linux Enterprise Server
Version 12
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 19.04
Debian Linux
Version 8.0

Related CWEs

CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (28)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.