Arbitrary Code Execution Vulnerability in Ansible Affecting Red Hat Products
CVE-2018-10874

7.8HIGH

Key Information:

Vendor

[unknown]

Status
Ansible
Vendor
CVE Published:
2 July 2018

What is CVE-2018-10874?

Ansible has a security issue where inventory variables can be loaded from the current working directory during the execution of ad-hoc commands. Since these variables are within an attacker's control, it opens gate for executing arbitrary code, potentially compromising the security of the affected systems. This vulnerability highlights the importance of secure configurations and diligent management of user inputs.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ansible

References

https://access.redhat.com/errata/RHSA-2018:2166
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2152
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.