A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2018-07-13 22:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-10875
Mitre link : CVE-2018-10875
CVE.ORG link : CVE-2018-10875
JSON object : View
Products Affected
redhat
- ceph_storage
- openstack
- gluster_storage
- virtualization_host
- openshift
- virtualization
- ansible_engine
canonical
- ubuntu_linux
debian
- debian_linux
suse
- suse_linux_enterprise_server
- package_hub
CWE
CWE-426
Untrusted Search Path