
exploitDog

CVE-2018-10875

Published: 29 Jun 2018
Source: redhat
CVSS3: 7.8
EPSS: Low

Description

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code.

Statement

Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ship the affected version of ansible, but they no longer maintain their own version of ansible. Both products will consume fixes directly from the ansible repository.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | ansible | Not affected | | |
| Red Hat Ceph Storage 2 | ansible | Affected | | |
| Red Hat Ceph Storage 3 | ansible | Affected | | |
| Red Hat OpenShift Enterprise 3 | ansible | Will not fix | | |
| Red Hat OpenStack Platform 14 (Rocky) | ansible | Not affected | | |
| Red Hat Satellite 6 | ansible | Not affected | | |
| Red Hat Storage 3 | ansible | Affected | | |
| Red Hat Ansible Engine 2.4 for RHEL 7 | ansible | Fixed | RHSA-2018:2152 | 10.07.2018 |
| Red Hat Ansible Engine 2.5 for RHEL 7 | ansible | Fixed | RHSA-2018:2150 | 10.07.2018 |
| Red Hat Ansible Engine 2.6 for RHEL 7 | ansible | Fixed | RHSA-2018:2166 | 10.07.2018 |

Additional information

Status: Moderate
Weakness: CWE-426
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1596533 (ansible: ansible.cfg is being read from current working directory allowing possible code execution)

EPSS

Percentile: 13%
Score: 0.00043
Level: Low

CVSS3: 7.8 High

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 7 years ago

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

CVSS3: 7.8
nvd
more than 7 years ago

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

CVSS3: 7.8
debian
more than 7 years ago

A flaw was found in ansible. ansible.cfg is read from the current work ...

CVSS3: 7.8
github
more than 3 years ago

Ansible Arbitrary Code Execution

CVSS3: 9.8
fstec
more than 7 years ago

A vulnerability in the Ansible configuration management system, related to the lack of control over the search path for the ansible.cfg configuration file, allowing an attacker to execute arbitrary code
