It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.
Find out more about CVE-2018-10875 from the MITRE CVE dictionary dictionary and NIST NVD.
| CVSS3 Base Score | 7.8 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Ansible Engine 2.6 for RHEL 7 (ansible) | RHSA-2018:2166 | 2018-07-10 |
| Red Hat Ansible Engine 2.5 for RHEL 7 (ansible) | RHSA-2018:2150 | 2018-07-10 |
| Red Hat OpenStack Platform 10 (ansible) | RHSA-2019:0054 | 2019-01-16 |
| Red Hat Ansible Engine 2 for RHEL 7 (ansible) | RHSA-2018:2151 | 2018-07-10 |
| Red Hat OpenStack Platform 12.0 (ansible) | RHBA-2018:3788 | 2018-12-05 |
| Red Hat Ansible Engine 2.4 for RHEL 7 Server (ansible) | RHSA-2018:2152 | 2018-07-10 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts | RHSA-2018:2321 | 2018-07-31 |
| Red Hat OpenStack Platform 13.0 (Queens) (ansible) | RHSA-2018:2585 | 2018-08-29 |
| Platform | Package | State |
|---|---|---|
| Red Hat Satellite 6 | ansible | Not affected |
| Red Hat OpenStack Platform 14 | ansible | Affected |
| Red Hat OpenShift Enterprise 3 | ansible | Affected |
| Red Hat Gluster Storage 3 | ansible | Affected |
| Red Hat Ceph Storage 3 | ansible | Affected |
| Red Hat Ceph Storage 2 | ansible | Affected |
Vulmon