Lucene search

K

RedhatCVELIST:CVE-2018-10874

HistoryJul 02, 2018 - 1:00 p.m.

CVE-2018-10874

2018-07-0213:00:00

CWE-426

redhat

www.cve.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.5%

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker’s control, allowing to run arbitrary code as a result.

CNA Affected

[
  {
    "product": "ansible",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.securitytracker.com/id/1041396

access.redhat.com/errata/RHBA-2018:3788

access.redhat.com/errata/RHSA-2018:2150

access.redhat.com/errata/RHSA-2018:2151

access.redhat.com/errata/RHSA-2018:2152

access.redhat.com/errata/RHSA-2018:2166

access.redhat.com/errata/RHSA-2018:2321

access.redhat.com/errata/RHSA-2018:2585

access.redhat.com/errata/RHSA-2019:0054

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874

usn.ubuntu.com/4072-1/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.5%

Related for CVELIST:CVE-2018-10874

veracode2 prion1 cve1 debiancve1 osv3 github1 ubuntucve1 ibm1 nvd1 redhatcve1 redhat7 nessus11 mageia1 openvas7 fedora5 ubuntu1