CVE-2018-10874

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

History

04 Aug 2021, 17:14

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:openstack:13.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

Information

Published : 2018-07-02 13:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-10874

Mitre link : CVE-2018-10874

CVE.ORG link : CVE-2018-10874


JSON object : View

Products Affected

redhat

  • virtualization_host
  • ansible_engine
  • virtualization
  • openstack
CWE
CWE-426

Untrusted Search Path

CWE-20

Improper Input Validation