Arbitrary Code Execution Vulnerability in Ansible by Red Hat
CVE-2018-10875
7.8 HIGH
What is CVE-2018-10875?
A security flaw exists in Ansible where the ansible.cfg file can be read from the current working directory. If an attacker gains control over this directory, they can alter the configuration to point to malicious plugin or module paths. This manipulation can enable the execution of arbitrary code, posing significant risks to system security. Organizations using Ansible should prioritize reviewing their configurations and applying necessary updates to mitigate this vulnerability.
Affected Version(s)
ansible
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
CVSS V3.0
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
