Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-10874 (GCVE-0-2018-10874)
Vulnerability from cvelistv5 – Published: 2018-07-02 13:00 – Updated: 2024-08-05 07:46
VLAI?
EPSS
Summary
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
Severity ?
7.8 (High)
CWE
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2166 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2152 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:2150 | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1041396 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHBA-2018:3788 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:0054 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2151 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2321 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2585 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/4072-1/ | vendor-advisoryx_refsource_UBUNTU |
Date Public ?
2018-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"name": "RHSA-2018:2152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"name": "RHSA-2018:2150",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"name": "1041396",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041396"
},
{
"name": "RHBA-2018:3788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2019:0054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"name": "RHSA-2018:2321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"name": "RHSA-2018:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "USN-4072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4072-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ansible",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T01:06:05.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"name": "RHSA-2018:2152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"name": "RHSA-2018:2150",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"name": "1041396",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041396"
},
{
"name": "RHBA-2018:3788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2019:0054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"name": "RHSA-2018:2321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"name": "RHSA-2018:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "USN-4072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4072-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10874",
"datePublished": "2018-07-02T13:00:00.000Z",
"dateReserved": "2018-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:46:47.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-10874",
"date": "2026-05-19",
"epss": "0.0005",
"percentile": "0.15687"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8989CD03-49A1-4831-BF98-9F21592788BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5864D753-2A37-4800-A73E-6ACA0662B605\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C5A40D5-4DF7-43D9-962E-1529D2DF198D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13BACD7C-AC7E-4D86-8D9B-ABB614005D0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D4AC996-B340-4A14-86F7-FF83B4D5EC8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"704CFA1A-953E-4105-BFBE-406034B83DED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB28F9AF-3D06-4532-B397-96D7E4792503\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.\"}, {\"lang\": \"es\", \"value\": \"En Ansible, se ha descubierto que las variables de inventario se cargan desde el directorio de trabajo actual cuando se ejecutan comandos ad-hoc bajo el control del atacante, lo que permite la ejecuci\\u00f3n de c\\u00f3digo arbitrario como resultado.\"}]",
"id": "CVE-2018-10874",
"lastModified": "2024-11-21T03:42:11.677",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-07-02T13:29:00.367",
"references": "[{\"url\": \"http://www.securitytracker.com/id/1041396\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHBA-2018:3788\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2150\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2151\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2152\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2166\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2321\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2585\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0054\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4072-1/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1041396\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHBA-2018:3788\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2150\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2151\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2152\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2166\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2321\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2585\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0054\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4072-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-426\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10874\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-07-02T13:29:00.367\",\"lastModified\":\"2024-11-21T03:42:11.677\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.\"},{\"lang\":\"es\",\"value\":\"En Ansible, se ha descubierto que las variables de inventario se cargan desde el directorio de trabajo actual cuando se ejecutan comandos ad-hoc bajo el control del atacante, lo que permite la ejecuci\u00f3n de c\u00f3digo arbitrario como resultado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8989CD03-49A1-4831-BF98-9F21592788BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5864D753-2A37-4800-A73E-6ACA0662B605\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C5A40D5-4DF7-43D9-962E-1529D2DF198D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13BACD7C-AC7E-4D86-8D9B-ABB614005D0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4AC996-B340-4A14-86F7-FF83B4D5EC8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704CFA1A-953E-4105-BFBE-406034B83DED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB28F9AF-3D06-4532-B397-96D7E4792503\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1041396\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2018:3788\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2150\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2151\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2152\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2166\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2321\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2585\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0054\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4072-1/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1041396\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2018:3788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2152\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2166\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2321\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2585\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0054\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4072-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
BDU:2019-02880
Vulnerability from fstec - Published: 29.06.2018
VLAI Severity ?
Title
Уязвимость системы управления конфигурациями Ansible, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость системы управления конфигурациями Ansible связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код
Severity ?
Vendor
ООО «РусБИТех-Астра», Red Hat Inc., Ansible
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Ansible Engine
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), Virtualization 4.0 (Red Hat Enterprise Linux), Openstack 10 (Red Hat Enterprise Linux), Openstack 13.0 (Red Hat Enterprise Linux), Openstack 12 (Red Hat Enterprise Linux), Virtualization Host 4.0 (Red Hat Enterprise Linux), 2.0 (Ansible Engine), 2.4 (Ansible Engine), 2.5 (Ansible Engine), 2.6 (Ansible Engine)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/errata/RHBA-2018:3788
https://access.redhat.com/errata/RHSA-2018:2150
https://access.redhat.com/errata/RHSA-2018:2151
https://access.redhat.com/errata/RHSA-2018:2152
https://access.redhat.com/errata/RHSA-2018:2166
https://access.redhat.com/errata/RHSA-2018:2321
https://access.redhat.com/errata/RHSA-2018:2585
https://access.redhat.com/errata/RHSA-2019:0054
Для Ubuntu:
https://usn.ubuntu.com/4072-1/
Для Astra Linux:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734
Reference
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10874.html?_ga=2.143353205.1969003529.1563858569-1618695258.1547637860
https://nvd.nist.gov/vuln/detail/CVE-2018-10874
https://usn.ubuntu.com/4072-1/
https://access.redhat.com/errata/RHBA-2018:3788
https://access.redhat.com/errata/RHSA-2018:2150
https://access.redhat.com/errata/RHSA-2018:2151
https://access.redhat.com/errata/RHSA-2018:2152
https://access.redhat.com/errata/RHSA-2018:2166
https://access.redhat.com/errata/RHSA-2018:2321
https://access.redhat.com/errata/RHSA-2018:2585
https://access.redhat.com/errata/RHSA-2019:0054
https://www.cvedetails.com/cve/CVE-2018-10874/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874
https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734
CWE
CWE-20
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Ansible",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), Virtualization 4.0 (Red Hat Enterprise Linux), Openstack 10 (Red Hat Enterprise Linux), Openstack 13.0 (Red Hat Enterprise Linux), Openstack 12 (Red Hat Enterprise Linux), Virtualization Host 4.0 (Red Hat Enterprise Linux), 2.0 (Ansible Engine), 2.4 (Ansible Engine), 2.5 (Ansible Engine), 2.6 (Ansible Engine)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.: \n\nhttps://access.redhat.com/errata/RHBA-2018:3788\n\nhttps://access.redhat.com/errata/RHSA-2018:2150\n\nhttps://access.redhat.com/errata/RHSA-2018:2151\n\nhttps://access.redhat.com/errata/RHSA-2018:2152\n\nhttps://access.redhat.com/errata/RHSA-2018:2166\n\nhttps://access.redhat.com/errata/RHSA-2018:2321\n\nhttps://access.redhat.com/errata/RHSA-2018:2585\n\nhttps://access.redhat.com/errata/RHSA-2019:0054\n\n\n\n\u0414\u043b\u044f Ubuntu:\n\nhttps://usn.ubuntu.com/4072-1/\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.06.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.08.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02880",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-10874",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Ansible Engine",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 Ansible, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 Ansible \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10874.html?_ga=2.143353205.1969003529.1563858569-1618695258.1547637860\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10874\n\nhttps://usn.ubuntu.com/4072-1/\n\nhttps://access.redhat.com/errata/RHBA-2018:3788\n\nhttps://access.redhat.com/errata/RHSA-2018:2150\n\nhttps://access.redhat.com/errata/RHSA-2018:2151\n\nhttps://access.redhat.com/errata/RHSA-2018:2152\n\nhttps://access.redhat.com/errata/RHSA-2018:2166\n\nhttps://access.redhat.com/errata/RHSA-2018:2321\n\nhttps://access.redhat.com/errata/RHSA-2018:2585\n\nhttps://access.redhat.com/errata/RHSA-2019:0054\n\nhttps://www.cvedetails.com/cve/CVE-2018-10874/\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
CNVD-2018-12548
Vulnerability from cnvd - Published: 2018-07-04
VLAI Severity ?
Title
Ansible任意代码执行漏洞(CNVD-2018-12548)
Description
Ansible是美国Ansible公司的一款计算机系统配置管理器,它可用于发布、管理和编排计算机系统。
Ansible中存在安全漏洞。攻击者可利用该漏洞执行任意代码。
Severity
高
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: https://www.ansible.com/
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874
Impacted products
| Name | Ansible ansible |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-10874"
}
},
"description": "Ansible\u662f\u7f8e\u56fdAnsible\u516c\u53f8\u7684\u4e00\u6b3e\u8ba1\u7b97\u673a\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5668\uff0c\u5b83\u53ef\u7528\u4e8e\u53d1\u5e03\u3001\u7ba1\u7406\u548c\u7f16\u6392\u8ba1\u7b97\u673a\u7cfb\u7edf\u3002\r\n\r\nAnsible\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Adam Mari\u0161",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.ansible.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-12548",
"openTime": "2018-07-04",
"products": {
"product": "Ansible ansible"
},
"referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874",
"serverity": "\u9ad8",
"submitTime": "2018-07-04",
"title": "Ansible\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-12548\uff09"
}
FKIE_CVE-2018-10874
Vulnerability from fkie_nvd - Published: 2018-07-02 13:29 - Updated: 2024-11-21 03:42
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_engine | 2.0 | |
| redhat | ansible_engine | 2.4 | |
| redhat | ansible_engine | 2.5 | |
| redhat | ansible_engine | 2.6 | |
| redhat | openstack | 10 | |
| redhat | openstack | 12 | |
| redhat | openstack | 13 | |
| redhat | virtualization | 4.0 | |
| redhat | virtualization_host | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8989CD03-49A1-4831-BF98-9F21592788BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5864D753-2A37-4800-A73E-6ACA0662B605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5A40D5-4DF7-43D9-962E-1529D2DF198D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13BACD7C-AC7E-4D86-8D9B-ABB614005D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result."
},
{
"lang": "es",
"value": "En Ansible, se ha descubierto que las variables de inventario se cargan desde el directorio de trabajo actual cuando se ejecutan comandos ad-hoc bajo el control del atacante, lo que permite la ejecuci\u00f3n de c\u00f3digo arbitrario como resultado."
}
],
"id": "CVE-2018-10874",
"lastModified": "2024-11-21T03:42:11.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-02T13:29:00.367",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041396"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/4072-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4072-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-3XVG-X47J-X75W
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2024-09-09 21:00
VLAI?
Summary
Ansible Improper Input Validation vulnerability
Details
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.6.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.5"
},
{
"fixed": "2.5.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.6"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-10874"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-426"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-08T18:08:29Z",
"nvd_published_at": "2018-07-02T13:29:00Z",
"severity": "HIGH"
},
"details": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"id": "GHSA-3xvg-x47j-x75w",
"modified": "2024-09-09T21:00:14Z",
"published": "2022-05-13T01:07:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/pull/42067"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4072-1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Ansible Improper Input Validation vulnerability"
}
GSD-2018-10874
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-10874",
"description": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"id": "GSD-2018-10874",
"references": [
"https://www.suse.com/security/cve/CVE-2018-10874.html",
"https://access.redhat.com/errata/RHSA-2019:0054",
"https://access.redhat.com/errata/RHBA-2018:3788",
"https://access.redhat.com/errata/RHSA-2018:2585",
"https://access.redhat.com/errata/RHSA-2018:2321",
"https://access.redhat.com/errata/RHSA-2018:2166",
"https://access.redhat.com/errata/RHSA-2018:2152",
"https://access.redhat.com/errata/RHSA-2018:2151",
"https://access.redhat.com/errata/RHSA-2018:2150",
"https://ubuntu.com/security/CVE-2018-10874",
"https://advisories.mageia.org/CVE-2018-10874.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10874"
],
"details": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"id": "GSD-2018-10874",
"modified": "2023-12-13T01:22:40.955661Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ansible",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-426",
"lang": "eng",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securitytracker.com/id/1041396",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1041396"
},
{
"name": "https://access.redhat.com/errata/RHBA-2018:3788",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:2150",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:2151",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:2152",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:2166",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:2321",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"name": "https://access.redhat.com/errata/RHSA-2018:2585",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "https://access.redhat.com/errata/RHSA-2019:0054",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"name": "https://usn.ubuntu.com/4072-1/",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/4072-1/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "==2.0||\u003e=2.4,\u003c=2.6",
"affected_versions": "Version 2.0, all versions starting from 2.4 up to 2.6",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-07-25",
"description": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control. The attacker can run arbitrary code as a result.",
"fixed_versions": [
"2.0.0.1",
"2.6.1"
],
"identifier": "CVE-2018-10874",
"identifiers": [
"CVE-2018-10874"
],
"not_impacted": "All versions before 2.0, all versions after 2.0 before 2.4, all versions after 2.6",
"package_slug": "pypi/ansible",
"pubdate": "2018-07-02",
"solution": "Upgrade to versions 2.0.0.1, 2.6.1 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"http://www.securitytracker.com/id/1041396",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
],
"uuid": "094a51ef-538c-4c94-b78c-28f497c9828d"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10874"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"name": "RHSA-2018:2166",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"name": "RHSA-2018:2152",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"name": "RHSA-2018:2151",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"name": "RHSA-2018:2150",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"name": "RHSA-2018:2321",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"name": "1041396",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041396"
},
{
"name": "RHSA-2018:2585",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "RHBA-2018:3788",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2019:0054",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "USN-4072-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4072-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-13T04:51Z",
"publishedDate": "2018-07-02T13:29Z"
}
}
}
PYSEC-2018-81
Vulnerability from pysec - Published: 2018-07-02 13:29 - Updated: 2021-11-11 23:46
VLAI?
Details
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
Impacted products
| Name | purl | ansible | pkg:pypi/ansible |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible",
"purl": "pkg:pypi/ansible"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.6.0"
},
{
"introduced": "2.5"
},
{
"fixed": "2.5.6"
},
{
"introduced": "2.6"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0",
"1.1",
"1.2",
"1.2.1",
"1.2.2",
"1.2.3",
"1.3.0",
"1.3.1",
"1.3.2",
"1.3.3",
"1.3.4",
"1.4",
"1.4.1",
"1.4.2",
"1.4.3",
"1.4.4",
"1.4.5",
"1.5",
"1.5.1",
"1.5.2",
"1.5.3",
"1.5.4",
"1.5.5",
"1.6",
"1.6.1",
"1.6.10",
"1.6.2",
"1.6.3",
"1.6.4",
"1.6.5",
"1.6.6",
"1.6.7",
"1.6.8",
"1.6.9",
"1.7",
"1.7.1",
"1.7.2",
"1.8",
"1.8.1",
"1.8.2",
"1.8.3",
"1.8.4",
"1.9.0",
"1.9.0.1",
"1.9.1",
"1.9.2",
"1.9.3",
"1.9.4",
"1.9.5",
"1.9.6",
"2.0.0",
"2.0.0.0",
"2.0.0.1",
"2.0.0.2",
"2.0.1.0",
"2.0.2.0",
"2.1.0.0",
"2.1.1.0",
"2.1.2.0",
"2.1.3.0",
"2.1.4.0",
"2.1.5.0",
"2.1.6.0",
"2.2.0.0",
"2.2.1.0",
"2.2.2.0",
"2.2.3.0",
"2.3.0.0",
"2.3.1.0",
"2.3.2.0",
"2.3.3.0",
"2.4.0.0",
"2.4.1.0",
"2.4.2.0",
"2.4.3.0",
"2.4.4.0",
"2.4.5.0",
"2.5.0",
"2.5.1",
"2.5.2",
"2.5.3",
"2.5.4",
"2.5.5",
"2.6.0"
]
}
],
"aliases": [
"CVE-2018-10874"
],
"details": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"id": "PYSEC-2018-81",
"modified": "2021-11-11T23:46:36.679476Z",
"published": "2018-07-02T13:29:00Z",
"references": [
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041396"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4072-1/"
}
]
}
RHBA-2018:3788
Vulnerability from csaf_redhat - Published: 2018-12-05 19:01 - Updated: 2026-02-20 16:30Summary
Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 12 Bug Fix and Enhancement Advisory
Severity
Moderate
Notes
Topic: Updated packages that resolve various issues are now available for Red Hat
OpenStack Platform 12.0 (Pike) for RHEL 7.
Details: Red Hat OpenStack Platform provides the facilities for building, deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
17 references
Acknowledgments
BMW Car IT GmbH
Tobias Henkel
OSAS
Michael Scherer
Red Hat
Brian Coca
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that resolve various issues are now available for Red Hat\nOpenStack Platform 12.0 (Pike) for RHEL 7.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenStack Platform provides the facilities for building, deploying\nand monitoring a private or public infrastructure-as-a-service (IaaS) cloud\nrunning on commonly available physical hardware.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2018:3788",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"category": "external",
"summary": "1568591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568591"
},
{
"category": "external",
"summary": "1644801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644801"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhba-2018_3788.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 12 Bug Fix and Enhancement Advisory",
"tracking": {
"current_release_date": "2026-02-20T16:30:23+00:00",
"generator": {
"date": "2026-02-20T16:30:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHBA-2018:3788",
"initial_release_date": "2018-12-05T19:01:13+00:00",
"revision_history": [
{
"date": "2018-12-05T19:01:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-12-05T19:01:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-20T16:30:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 12.0",
"product": {
"name": "Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:12::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product_id": "ansible-0:2.4.6.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product_id": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-role-redhat-subscription@1.0.1-4.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product_id": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-role-redhat-subscription@1.0.1-4.el7ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.src as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch"
},
"product_reference": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
},
"product_reference": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
},
{
"acknowledgments": [
{
"names": [
"Michael Scherer"
],
"organization": "OSAS"
}
],
"cve": "CVE-2018-10874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596528"
}
],
"notes": [
{
"category": "description",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "RHBZ#1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
},
{
"acknowledgments": [
{
"names": [
"Brian Coca"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10875",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596533"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: ansible.cfg is being read from current working directory allowing possible code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "RHBZ#1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: ansible.cfg is being read from current working directory allowing possible code execution"
}
]
}
RHBA-2018_3788
Vulnerability from csaf_redhat - Published: 2018-12-05 19:01 - Updated: 2024-11-14 23:32Summary
Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 12 Bug Fix and Enhancement Advisory
Severity
Moderate
Notes
Topic: Updated packages that resolve various issues are now available for Red Hat
OpenStack Platform 12.0 (Pike) for RHEL 7.
Details: Red Hat OpenStack Platform provides the facilities for building, deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
17 references
Acknowledgments
BMW Car IT GmbH
Tobias Henkel
OSAS
Michael Scherer
Red Hat
Brian Coca
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that resolve various issues are now available for Red Hat\nOpenStack Platform 12.0 (Pike) for RHEL 7.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenStack Platform provides the facilities for building, deploying\nand monitoring a private or public infrastructure-as-a-service (IaaS) cloud\nrunning on commonly available physical hardware.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2018:3788",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"category": "external",
"summary": "1568591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568591"
},
{
"category": "external",
"summary": "1644801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644801"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhba-2018_3788.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 12 Bug Fix and Enhancement Advisory",
"tracking": {
"current_release_date": "2024-11-14T23:32:57+00:00",
"generator": {
"date": "2024-11-14T23:32:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2018:3788",
"initial_release_date": "2018-12-05T19:01:13+00:00",
"revision_history": [
{
"date": "2018-12-05T19:01:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-12-05T19:01:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:32:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 12.0",
"product": {
"name": "Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:12::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.src",
"product_id": "ansible-0:2.4.6.0-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product_id": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-role-redhat-subscription@1.0.1-4.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_id": "ansible-0:2.4.6.0-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.4.6.0-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product_id": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-role-redhat-subscription@1.0.1-4.el7ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.noarch as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.4.6.0-1.el7ae.src as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src"
},
"product_reference": "ansible-0:2.4.6.0-1.el7ae.src",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch"
},
"product_reference": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src as a component of Red Hat OpenStack Platform 12.0",
"product_id": "7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
},
"product_reference": "ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-12.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tobias Henkel"
],
"organization": "BMW Car IT GmbH"
}
],
"cve": "CVE-2018-10855",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1588855"
}
],
"notes": [
{
"category": "description",
"text": "Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10855"
},
{
"category": "external",
"summary": "RHBZ#1588855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10855"
},
{
"category": "external",
"summary": "https://github.com/ansible/ansible/pull/41414",
"url": "https://github.com/ansible/ansible/pull/41414"
}
],
"release_date": "2018-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs"
},
{
"acknowledgments": [
{
"names": [
"Michael Scherer"
],
"organization": "OSAS"
}
],
"cve": "CVE-2018-10874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596528"
}
],
"notes": [
{
"category": "description",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "RHBZ#1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
},
{
"acknowledgments": [
{
"names": [
"Brian Coca"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10875",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596533"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: ansible.cfg is being read from current working directory allowing possible code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "RHBZ#1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-05T19:01:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat OpenStack Platform 12 runs on Red Hat Enterprise Linux 7.5.\n\nThe Red Hat OpenStack Platform 12 Release Notes contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat OpenStack Platform 12, including which\nchannels need to be enabled and disabled.\n\nThe Release Notes are available at:\nhttps://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/\n\nThis update is available through \u0027yum update\u0027 on systems registered through\nRed Hat Subscription Manager. For more information about Red Hat\nSubscription Manager, see:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html",
"product_ids": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.noarch",
"7Server-RH7-RHOS-12.0:ansible-0:2.4.6.0-1.el7ae.src",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.noarch",
"7Server-RH7-RHOS-12.0:ansible-role-redhat-subscription-0:1.0.1-4.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: ansible.cfg is being read from current working directory allowing possible code execution"
}
]
}
RHSA-2018:2150
Vulnerability from csaf_redhat - Published: 2018-07-10 09:49 - Updated: 2026-02-20 16:30Summary
Red Hat Security Advisory: ansible security and bug fix update
Severity
Moderate
Notes
Topic: An update for ansible is now available for Ansible Engine 2.5.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.5.6)
Security fix(es):
* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)
* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS).
Bug Fix(es):
* Restore module_utils.basic.BOOLEANS variable for backwards compatibility with the module API in older ansible releases.
* lineinfile - add warning when using an empty regexp (https://github.com/ansible/ansible/issues/29443)
* apt - fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)
* copy module - fixed recursive copy with relative paths (https://github.com/ansible/ansible/pull/40166)
* correct debug display for all cases https://github.com/ansible/ansible/pull/41331
* eos_l2_interface - fix eapi (https://github.com/ansible/ansible/pull/42270)
* group_by - support implicit localhost (https://github.com/ansible/ansible/pull/41860)
* influxdb_query - fixed the use of the common return 'results' caused an unexpected fault. The return is renamed to 'query_results'
* junos_config - fix confirm commit timeout issue (https://github.com/ansible/ansible/pull/41527)
* lineinfile - fix insertbefore when used with BOF to not insert duplicate lines (https://github.com/ansible/ansible/issues/38219)
* nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209
* nxos_linkagg - fix issue (https://github.com/ansible/ansible/pull/41550).
* nxos_vxlan_vtep_vni - fix issue (https://github.com/ansible/ansible/pull/42240)
* uses correct conn info for reset_connection https://github.com/ansible/ansible/issues/27520
* correct service facts systemd detection of state https://github.com/ansible/ansible/issues/40809
* correctly check hostvars for vars term https://github.com/ansible/ansible/pull/41819
* vyos_vlan - fix aggregate configuration issues (https://github.com/ansible/ansible/pull/41638)
* win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible/ansible/issues/41536
* win_iis_webapppool - redirect some module output to null so Ansible can read the output JSON https://github.com/ansible/ansible/issues/40874
* win_updates - Fixed issue where running win_updates on async fails without any error
* winrm - ensure pexpect is set to not echo the input on a failure and have a manual sanity check afterwards https://github.com/ansible/ansible/issues/41865
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
7.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Ansible-2.5:ansible-doc-0:2.5.6-1.el7ae.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.
7.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Ansible-2.5:ansible-doc-0:2.5.6-1.el7ae.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
13 references
Acknowledgments
OSAS
Michael Scherer
Red Hat
Brian Coca
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Ansible Engine 2.5.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.5.6)\n\nSecurity fix(es):\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS).\n\nBug Fix(es):\n\n* Restore module_utils.basic.BOOLEANS variable for backwards compatibility with the module API in older ansible releases.\n\n* lineinfile - add warning when using an empty regexp (https://github.com/ansible/ansible/issues/29443)\n\n* apt - fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)\n\n* copy module - fixed recursive copy with relative paths (https://github.com/ansible/ansible/pull/40166)\n\n* correct debug display for all cases https://github.com/ansible/ansible/pull/41331\n\n* eos_l2_interface - fix eapi (https://github.com/ansible/ansible/pull/42270)\n\n* group_by - support implicit localhost (https://github.com/ansible/ansible/pull/41860)\n\n* influxdb_query - fixed the use of the common return \u0027results\u0027 caused an unexpected fault. The return is renamed to \u0027query_results\u0027\n\n* junos_config - fix confirm commit timeout issue (https://github.com/ansible/ansible/pull/41527)\n\n* lineinfile - fix insertbefore when used with BOF to not insert duplicate lines (https://github.com/ansible/ansible/issues/38219)\n\n* nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209\n\n* nxos_linkagg - fix issue (https://github.com/ansible/ansible/pull/41550).\n\n* nxos_vxlan_vtep_vni - fix issue (https://github.com/ansible/ansible/pull/42240)\n\n* uses correct conn info for reset_connection https://github.com/ansible/ansible/issues/27520\n\n* correct service facts systemd detection of state https://github.com/ansible/ansible/issues/40809\n\n* correctly check hostvars for vars term https://github.com/ansible/ansible/pull/41819\n\n* vyos_vlan - fix aggregate configuration issues (https://github.com/ansible/ansible/pull/41638)\n\n* win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible/ansible/issues/41536\n\n* win_iis_webapppool - redirect some module output to null so Ansible can read the output JSON https://github.com/ansible/ansible/issues/40874\n\n* win_updates - Fixed issue where running win_updates on async fails without any error\n\n* winrm - ensure pexpect is set to not echo the input on a failure and have a manual sanity check afterwards https://github.com/ansible/ansible/issues/41865",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2150",
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2150.json"
}
],
"title": "Red Hat Security Advisory: ansible security and bug fix update",
"tracking": {
"current_release_date": "2026-02-20T16:30:29+00:00",
"generator": {
"date": "2026-02-20T16:30:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2018:2150",
"initial_release_date": "2018-07-10T09:49:17+00:00",
"revision_history": [
{
"date": "2018-07-10T09:49:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-07-10T09:49:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-20T16:30:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product": {
"name": "Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_engine:2.5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Engine"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.5.6-1.el7ae.src",
"product": {
"name": "ansible-0:2.5.6-1.el7ae.src",
"product_id": "ansible-0:2.5.6-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.5.6-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.5.6-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.5.6-1.el7ae.noarch",
"product_id": "ansible-0:2.5.6-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.5.6-1.el7ae?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-doc-0:2.5.6-1.el7ae.noarch",
"product": {
"name": "ansible-doc-0:2.5.6-1.el7ae.noarch",
"product_id": "ansible-doc-0:2.5.6-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-doc@2.5.6-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.5.6-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.5.6-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.5.6-1.el7ae.src as a component of Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.src"
},
"product_reference": "ansible-0:2.5.6-1.el7ae.src",
"relates_to_product_reference": "7Server-Ansible-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-doc-0:2.5.6-1.el7ae.noarch as a component of Red Hat Ansible Engine 2.5 for RHEL 7 Server",
"product_id": "7Server-Ansible-2.5:ansible-doc-0:2.5.6-1.el7ae.noarch"
},
"product_reference": "ansible-doc-0:2.5.6-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Scherer"
],
"organization": "OSAS"
}
],
"cve": "CVE-2018-10874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596528"
}
],
"notes": [
{
"category": "description",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.6-1.el7ae.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "RHBZ#1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-07-10T09:49:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.6-1.el7ae.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.6-1.el7ae.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
},
{
"acknowledgments": [
{
"names": [
"Brian Coca"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10875",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596533"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: ansible.cfg is being read from current working directory allowing possible code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.6-1.el7ae.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "RHBZ#1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-07-10T09:49:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.6-1.el7ae.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.noarch",
"7Server-Ansible-2.5:ansible-0:2.5.6-1.el7ae.src",
"7Server-Ansible-2.5:ansible-doc-0:2.5.6-1.el7ae.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: ansible.cfg is being read from current working directory allowing possible code execution"
}
]
}
RHSA-2018:2151
Vulnerability from csaf_redhat - Published: 2018-07-10 11:33 - Updated: 2026-02-20 16:30Summary
Red Hat Security Advisory: ansible security and bug fix update
Severity
Moderate
Notes
Topic: An update for ansible is now available for Ansible Engine 2.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.6.1)
Security fix(es):
* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)
* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS).
Bug Fix(es):
* Fix junos_config confirm commit timeout issue (https://github.com/ansible/ansible/pull/41527)
* file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. The patch to fix that broke check mode. This is now fixed (https://github.com/ansible/ansible/issues/42111)
* inventory manager - This fixes required options being populated before the inventory config file is read, so the required options may be set in the config file.
* nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209
* win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible/ansible/issues/41536
* win_group_membership - uses the internal Ansible SID conversion logic and uses that when comparing group membership instead of the name https://github.com/ansible/ansible/issues/40649
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
7.8 (High)
Affected products
Threats
Impact
Moderate
It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.
7.8 (High)
Affected products
Threats
Impact
Moderate
References
13 references
Acknowledgments
OSAS
Michael Scherer
Red Hat
Brian Coca
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ansible is now available for Ansible Engine 2.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.\n\nThe following packages have been upgraded to a newer upstream version: ansible (2.6.1)\n\nSecurity fix(es):\n\n* ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)\n\n* ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS).\n\nBug Fix(es):\n\n* Fix junos_config confirm commit timeout issue (https://github.com/ansible/ansible/pull/41527)\n\n* file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. The patch to fix that broke check mode. This is now fixed (https://github.com/ansible/ansible/issues/42111)\n\n* inventory manager - This fixes required options being populated before the inventory config file is read, so the required options may be set in the config file.\n\n* nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209\n\n* win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible/ansible/issues/41536\n\n* win_group_membership - uses the internal Ansible SID conversion logic and uses that when comparing group membership instead of the name https://github.com/ansible/ansible/issues/40649",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2151",
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2151.json"
}
],
"title": "Red Hat Security Advisory: ansible security and bug fix update",
"tracking": {
"current_release_date": "2026-02-20T16:30:29+00:00",
"generator": {
"date": "2026-02-20T16:30:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2018:2151",
"initial_release_date": "2018-07-10T11:33:04+00:00",
"revision_history": [
{
"date": "2018-07-10T11:33:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-07-10T11:33:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-20T16:30:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Engine 2 for RHEL 7",
"product": {
"name": "Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_engine:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Engine"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.6.1-1.el7ae.src",
"product": {
"name": "ansible-0:2.6.1-1.el7ae.src",
"product_id": "ansible-0:2.6.1-1.el7ae.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.6.1-1.el7ae?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-0:2.6.1-1.el7ae.noarch",
"product": {
"name": "ansible-0:2.6.1-1.el7ae.noarch",
"product_id": "ansible-0:2.6.1-1.el7ae.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible@2.6.1-1.el7ae?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.6.1-1.el7ae.noarch as a component of Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.noarch"
},
"product_reference": "ansible-0:2.6.1-1.el7ae.noarch",
"relates_to_product_reference": "7Server-Ansible-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-0:2.6.1-1.el7ae.src as a component of Red Hat Ansible Engine 2 for RHEL 7",
"product_id": "7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.src"
},
"product_reference": "ansible-0:2.6.1-1.el7ae.src",
"relates_to_product_reference": "7Server-Ansible-2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Scherer"
],
"organization": "OSAS"
}
],
"cve": "CVE-2018-10874",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596528"
}
],
"notes": [
{
"category": "description",
"text": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10874"
},
{
"category": "external",
"summary": "RHBZ#1596528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-07-10T11:33:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution"
},
{
"acknowledgments": [
{
"names": [
"Brian Coca"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10875",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-06-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596533"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ansible: ansible.cfg is being read from current working directory allowing possible code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ships the affected version of ansible, but they no longer maintain their own version of ansible. Both the products will consume fixes directly from ansible repository.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10875"
},
{
"category": "external",
"summary": "RHBZ#1596533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10875"
}
],
"release_date": "2018-06-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-07-10T11:33:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.noarch",
"7Server-Ansible-2:ansible-0:2.6.1-1.el7ae.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ansible: ansible.cfg is being read from current working directory allowing possible code execution"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…