7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
32.8%
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a newer upstream version: ansible (2.5.6)
Security fix(es):
ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874)
ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS).
Bug Fix(es):
Restore module_utils.basic.BOOLEANS variable for backwards compatibility with the module API in older ansible releases.
lineinfile - add warning when using an empty regexp (https://github.com/ansible/ansible/issues/29443)
apt - fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)
copy module - fixed recursive copy with relative paths (https://github.com/ansible/ansible/pull/40166)
correct debug display for all cases https://github.com/ansible/ansible/pull/41331
eos_l2_interface - fix eapi (https://github.com/ansible/ansible/pull/42270)
group_by - support implicit localhost (https://github.com/ansible/ansible/pull/41860)
influxdb_query - fixed the use of the common return ‘results’ caused an unexpected fault. The return is renamed to ‘query_results’
junos_config - fix confirm commit timeout issue (https://github.com/ansible/ansible/pull/41527)
lineinfile - fix insertbefore when used with BOF to not insert duplicate lines (https://github.com/ansible/ansible/issues/38219)
nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209
nxos_linkagg - fix issue (https://github.com/ansible/ansible/pull/41550).
nxos_vxlan_vtep_vni - fix issue (https://github.com/ansible/ansible/pull/42240)
uses correct conn info for reset_connection https://github.com/ansible/ansible/issues/27520
correct service facts systemd detection of state https://github.com/ansible/ansible/issues/40809
correctly check hostvars for vars term https://github.com/ansible/ansible/pull/41819
vyos_vlan - fix aggregate configuration issues (https://github.com/ansible/ansible/pull/41638)
win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible/ansible/issues/41536
win_iis_webapppool - redirect some module output to null so Ansible can read the output JSON https://github.com/ansible/ansible/issues/40874
win_updates - Fixed issue where running win_updates on async fails without any error
winrm - ensure pexpect is set to not echo the input on a failure and have a manual sanity check afterwards https://github.com/ansible/ansible/issues/41865
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | ansible-doc | < 2.5.6-1.el7ae | ansible-doc-2.5.6-1.el7ae.noarch.rpm |
RedHat | 7 | noarch | ansible | < 2.5.6-1.el7ae | ansible-2.5.6-1.el7ae.noarch.rpm |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
32.8%