7.8
CVSSv3

CVE-2018-10875

Published: 13/07/2018 Updated: 29/05/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the malicious user to execute arbitrary code.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat ansible engine 2.0

redhat ansible engine 2.4

redhat ansible engine 2.5

redhat openstack 10

redhat openstack 13.0

redhat virtualization host 4.0

redhat ceph storage 2.0

redhat ceph storage 3.0

redhat openshift 3.0

redhat ansible engine 2.6

redhat openstack 12

redhat virtualization 4.0

redhat gluster storage 3.0.0

debian debian linux 9.0

suse package_hub -

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

debian debian linux 8.0

Vendor Advisories

Synopsis Moderate: Red Hat Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Synopsis Moderate: ansible security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ...
Synopsis Moderate: ansible security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 24Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which give ...
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 2Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 25Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 26Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis Moderate: ansible security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Red HatOpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) b ...
It was found that ansiblecfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker This could allow an attacker to execute arbitrary code ...
Debian Bug report logs - #912297 ansible: CVE-2018-16837 Package: ansible; Maintainer for ansible is Harlan Lieberman-Berg <hlieberman@debianorg>; Source for ansible is src:ansible (PTS, buildd, popcon) Reported by: Chris Lamb <lamby@debianorg> Date: Mon, 29 Oct 2018 21:54:02 UTC Severity: grave Tags: security Fo ...
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak CVE-2018-10875 ansiblecfg was read from the current working directory CVE-2018-16837 The user module leaked param ...
Several security issues were fixed in Ansible ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4396-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff February 19, 2019 wwwdebianorg/security/faq ...