Description
It was found that Ansible loads inventory variables from the current working directory when running an ad-hoc command. Because that directory may be under an attacker's control, this allows arbitrary code to be executed as a result.
CVSS breakdown
CVSS 3.0
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- Unknown / ansible (n/a – n/a)
References
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2018:2166
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2018:2152
- MISC: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2018:2150
- MISC: http://www.securitytracker.com/id/1041396
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHBA-2018:3788
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2019:0054
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2018:2151
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2018:2321
- VENDOR_ADVISORY: https://access.redhat.com/errata/RHSA-2018:2585
- VENDOR_ADVISORY: https://usn.ubuntu.com/4072-1/