CVE-2018-10874

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:42

Type Values Removed Values Added
References () http://www.securitytracker.com/id/1041396 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1041396 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHBA-2018:3788 - Vendor Advisory () https://access.redhat.com/errata/RHBA-2018:3788 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:2150 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:2150 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:2151 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:2151 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:2152 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:2152 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:2166 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:2166 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:2321 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:2321 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:2585 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:2585 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2019:0054 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2019:0054 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874 - Issue Tracking, Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874 - Issue Tracking, Vendor Advisory
References () https://usn.ubuntu.com/4072-1/ - () https://usn.ubuntu.com/4072-1/ -

Information

Published : 2018-07-02 13:29

Updated : 2024-11-21 03:42


NVD link : CVE-2018-10874

Mitre link : CVE-2018-10874

CVE.ORG link : CVE-2018-10874


JSON object : View

Products Affected

redhat

  • ansible_engine
  • openstack
  • virtualization_host
  • virtualization
CWE
CWE-426

Untrusted Search Path

CWE-20

Improper Input Validation