CVE-2018-10875

Current Description

A flaw was found in Ansible. ansible.cfg is read from the current working directory, so an attacker who can write to that directory (a shared or world-writable one, for example) can plant an ansible.cfg whose plugin or module path settings point at a directory under their control. Ansible then loads and executes that code when it is run from there, giving the attacker arbitrary code execution as the user running Ansible.
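The attack and the two defences described above, as an added example that is not part of this advisory or of Ansible's own code. It re-implements Ansible's documented config search order in plain Python (function and variable names here are mine), models the upstream fix, which skips ./ansible.cfg when the working directory is world-writable and warns about it, and adds an audit that flags code-loading path settings resolving outside a trusted root. The shared directory, the planted config and the trusted project are all constructed in a temporary directory.

```python
"""CVE-2018-10875 in miniature: how ansible.cfg is selected, why a writable
working directory is dangerous, and two checks that close the hole.

Ansible 2.x search order (documented; re-implemented here, not imported):
  1. $ANSIBLE_CONFIG  2. ./ansible.cfg  3. ~/.ansible.cfg  4. /etc/ansible/ansible.cfg
Step 2 is the bug: anyone who can write to the directory ansible is run from
can plant an ansible.cfg whose library / *_plugins keys point at their code.
"""
import configparser
import os
import stat
import tempfile

# [defaults] keys whose values are directories Ansible loads Python code from.
CODE_PATH_KEYS = (
    "library", "module_utils", "action_plugins", "cache_plugins",
    "callback_plugins", "connection_plugins", "filter_plugins",
    "inventory_plugins", "lookup_plugins", "strategy_plugins",
    "terminal_plugins", "test_plugins", "vars_plugins",
)


def is_world_writable(path):
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def resolve_config(cwd, env, home, etc="/etc/ansible/ansible.cfg",
                   reject_world_writable_cwd=True):
    """Return (chosen_path_or_None, source, warnings) following the search order.
    reject_world_writable_cwd=True models the patched behaviour (skip ./ansible.cfg
    when cwd is world-writable); False is the vulnerable behaviour."""
    warnings, candidates = [], []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append((env["ANSIBLE_CONFIG"], "ANSIBLE_CONFIG"))
    if reject_world_writable_cwd and is_world_writable(cwd):
        warnings.append("%s is world-writable, ignoring ./ansible.cfg" % cwd)
    else:
        candidates.append((os.path.join(cwd, "ansible.cfg"), "cwd"))
    candidates.append((os.path.join(home, ".ansible.cfg"), "home"))
    candidates.append((etc, "system"))
    for path, source in candidates:
        if os.path.isfile(path):
            return path, source, warnings
    return None, "builtin-defaults", warnings


def audit_config(path, trusted_roots):
    """Return [(key, resolved_dir)] for code-path settings outside trusted_roots.
    Relative entries are resolved against the config file's own directory;
    entries are colon-separated, as for Ansible's path-spec settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(path)
    if not cp.has_section("defaults"):
        return []
    base = os.path.dirname(os.path.realpath(path))
    roots = [os.path.realpath(r) for r in trusted_roots]
    findings = []
    for key in CODE_PATH_KEYS:
        if not cp.has_option("defaults", key):
            continue
        for entry in cp.get("defaults", key).split(os.pathsep):
            entry = entry.strip()
            if not entry:
                continue
            resolved = os.path.realpath(os.path.join(base, os.path.expanduser(entry)))
            if not any(resolved == r or resolved.startswith(r + os.sep) for r in roots):
                findings.append((key, resolved))
    return findings


def demo():
    """Constructed scenario: a /tmp-like shared directory holding a planted
    ansible.cfg, beside a trusted project whose config only uses local paths."""
    with tempfile.TemporaryDirectory() as tmp:
        shared, evil, home, trusted = (os.path.join(tmp, d) for d in
                                       ("shared", "evil_plugins", "home", "trusted"))
        for d in (shared, evil, home, trusted):
            os.mkdir(d)
        os.chmod(shared, 0o1777)  # sticky + world-writable, like /tmp
        planted = os.path.join(shared, "ansible.cfg")  # attacker-written
        with open(planted, "w") as f:
            f.write("[defaults]\naction_plugins = %s\nlibrary = ./modules\n" % evil)
        good = os.path.join(trusted, "ansible.cfg")  # legitimate project config
        with open(good, "w") as f:
            f.write("[defaults]\nlibrary = ./library\nfilter_plugins = ./plugins/filter\n")
        no_etc = os.path.join(tmp, "no-system-config")  # keeps the demo hermetic
        unfixed = resolve_config(shared, {}, home, etc=no_etc, reject_world_writable_cwd=False)
        fixed = resolve_config(shared, {}, home, etc=no_etc)
        pinned = resolve_config(shared, {"ANSIBLE_CONFIG": good}, home, etc=no_etc)
        return {
            "unfixed_source": unfixed[1],   # "cwd": the attacker's file wins
            "fixed_source": fixed[1],       # "builtin-defaults": cwd skipped
            "fixed_warnings": fixed[2],
            "pinned_source": pinned[1],     # "ANSIBLE_CONFIG": explicit path wins
            "planted_findings": audit_config(planted, [trusted]),
            "trusted_findings": audit_config(good, [trusted]),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Run the file directly to see the vulnerable, fixed and pinned outcomes side by side. The practical lessons are the same three: pin ANSIBLE_CONFIG to a path you own in wrapper scripts, CI jobs and cron entries; never run ansible or ansible-playbook from /tmp or another shared directory; and treat any ansible.cfg whose library or *_plugins keys point outside the repository as a finding, whether or not the version in use has the fix.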

Basic Data

Published: July 13, 2018
Last Modified: May 29, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-426 (Untrusted Search Path)
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Integrity Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.6
Severity: MEDIUM
Exploitability Score: 3.9
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  All entries are CPE 2.3. Fields not shown (Update, Edition, Language, Target SW, Target HW, Other) are wildcards (*); the Version Start/End Including/Excluding fields are empty for every entry.

  • OR - Configuration 1
    Part         Vendor     Product               Version   SW Edition
    Application  Redhat     Ansible Engine        2.0       *
    Application  Redhat     Ansible Engine        2.4       *
    Application  Redhat     Ansible Engine        2.5       *
    Application  Redhat     Ansible Engine        2.6       *
    Application  Redhat     Ceph Storage          2.0       *
    Application  Redhat     Ceph Storage          3.0       *
    Application  Redhat     Gluster Storage       3.0.0     *
    Application  Redhat     Openshift             3.0       enterprise
    Application  Redhat     Openstack             10        *
    Application  Redhat     Openstack             12        *
    Application  Redhat     Openstack             13.0      *
    Application  Redhat     Virtualization        4.0       *
    Application  Redhat     Virtualization Host   4.0       *
  • OR - Configuration 2
    Part         Vendor     Product               Version   SW Edition
    OS           Debian     Debian Linux          9.0       *
  • AND
    • OR - Configuration 3
      Part         Vendor     Product               Version   SW Edition
      Application  Suse       Package Hub           -         *
    • OR Running on/with:
      Part         Vendor     Product                       Version   SW Edition
      OS           Suse       Suse Linux Enterprise Server  12        *
  • OR - Configuration 4
    Part         Vendor     Product               Version   SW Edition
    OS           Canonical  Ubuntu Linux          16.04     lts
    OS           Canonical  Ubuntu Linux          18.04     lts
    OS           Canonical  Ubuntu Linux          19.04     *
    OS           Debian     Debian Linux          8.0       *

Vulnerable Software List

Vendor      Product               Versions
Debian      Debian Linux          8.0, 9.0
Redhat      Ceph Storage          2.0, 3.0
Redhat      Openstack             10, 12, 13.0
Redhat      Virtualization Host   4.0
Redhat      Gluster Storage       3.0.0
Redhat      Openshift             3.0
Redhat      Ansible Engine        2.0, 2.4, 2.5, 2.6
Redhat      Virtualization        4.0
Canonical   Ubuntu Linux          16.04, 18.04, 19.04
Suse        Package Hub           -

References

Name | URL | Source | Tags
openSUSE-SU-2019:1125 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html | SUSE | Third Party Advisory
1041396 | http://www.securitytracker.com/id/1041396 | SECTRACK | Third Party Advisory, VDB Entry
RHBA-2018:3788 | https://access.redhat.com/errata/RHBA-2018:3788 | REDHAT | Third Party Advisory
RHSA-2018:2150 | https://access.redhat.com/errata/RHSA-2018:2150 | REDHAT | Third Party Advisory
RHSA-2018:2151 | https://access.redhat.com/errata/RHSA-2018:2151 | REDHAT | Third Party Advisory
RHSA-2018:2152 | https://access.redhat.com/errata/RHSA-2018:2152 | REDHAT | Third Party Advisory
RHSA-2018:2166 | https://access.redhat.com/errata/RHSA-2018:2166 | REDHAT | Third Party Advisory
RHSA-2018:2321 | https://access.redhat.com/errata/RHSA-2018:2321 | REDHAT | Third Party Advisory
RHSA-2018:2585 | https://access.redhat.com/errata/RHSA-2018:2585 | REDHAT | Third Party Advisory
RHSA-2019:0054 | https://access.redhat.com/errata/RHSA-2019:0054 | REDHAT | Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875 | CONFIRM | Issue Tracking, Third Party Advisory
[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update | https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html | MLIST | Third Party Advisory
USN-4072-1 | https://usn.ubuntu.com/4072-1/ | UBUNTU | Third Party Advisory
DSA-4396 | https://www.debian.org/security/2019/dsa-4396 | DEBIAN | Third Party Advisory