Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
409
VMScore

CVE-2018-10874

Published: 02/07/2018 Updated: 13/02/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Redhat

Vulnerability Summary

It exists that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat virtualization host 4.0

redhat virtualization 4.0

redhat ansible engine 2.5

redhat ansible engine 2.0

redhat ansible engine 2.4

redhat ansible engine 2.6

redhat openstack 10

redhat openstack 12

redhat openstack 13

Vendor Advisories

Debian CVElist Bug Report Logs: ansible: CVE-2018-16837
Debian Bug report logs - #912297 ansible: CVE-2018-16837 Package: ansible; Maintainer for ansible is Harlan Lieberman-Berg <hlieberman@debianorg>; Source for ansible is src:ansible (PTS, buildd, popcon) Reported by: Chris Lamb <lamby@debianorg> Date: Mon, 29 Oct 2018 21:54:02 UTC Severity: grave Tags: security Fo ...
Ubuntu Security Notice: ansible vulnerabilities
Several security issues were fixed in Ansible ...
Red Hat: Moderate: ansible security and bug fix update
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 26Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update
Synopsis Moderate: Red Hat Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Moderate: ansible security update
Synopsis Moderate: ansible security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 24Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which give ...
Red Hat: Moderate: ansible security and bug fix update
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 2Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Red Hat: Moderate: ansible security and bug fix update
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 25Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Red Hat: Moderate: ansible security update
Synopsis Moderate: ansible security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Red HatOpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Moderate: ansible security update
Synopsis Moderate: ansible security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ...
Red Hat: CVE-2018-10874
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result ...

References

CWE-426https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874https://access.redhat.com/errata/RHSA-2018:2166https://access.redhat.com/errata/RHSA-2018:2152https://access.redhat.com/errata/RHSA-2018:2151https://access.redhat.com/errata/RHSA-2018:2150https://access.redhat.com/errata/RHSA-2018:2321http://www.securitytracker.com/id/1041396https://access.redhat.com/errata/RHSA-2018:2585https://access.redhat.com/errata/RHBA-2018:3788https://access.redhat.com/errata/RHSA-2019:0054https://usn.ubuntu.com/4072-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912297https://usn.ubuntu.com/4072-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook