CVE-2018-10874

Published: 02/07/2018 Updated: 25/07/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Ansible, it was found that when running an ad-hoc command, inventory variables are loaded from the current working directory, which can be under an attacker's control, allowing arbitrary code to be run as a result.


Vendor Advisories

Synopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis: Moderate: ansible security update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Moderate: ansible security update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Ansible Engine 2.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which give ...
Synopsis: Moderate: ansible security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Moderate: ansible security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis: Moderate: ansible security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Ansible Engine 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis: Moderate: ansible security update. Type/Severity: Security Advisory: Moderate. Topic: An update for ansible is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) b ...
In Ansible, it was found that when running an ad-hoc command, inventory variables are loaded from the current working directory, which can be under an attacker's control, allowing arbitrary code to be run as a result ...
Ansible is shipped as a component of Data Science Experience Local. Information about a security vulnerability affecting Ansible has been published in a security bulletin ...
Debian Bug report logs - #912297 ansible: CVE-2018-16837. Package: ansible; Maintainer for ansible is Harlan Lieberman-Berg <hlieberman@debian.org>; Source for ansible is src:ansible (PTS, buildd, popcon). Reported by: Chris Lamb <lamby@debian.org>. Date: Mon, 29 Oct 2018 21:54:02 UTC. Severity: grave. Tags: security. Fo ...
Several security issues were fixed in Ansible ...