CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
32.4%
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker’s control, allowing to run arbitrary code as a result.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | ansible_engine | 2.0 | cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:* |
redhat | ansible_engine | 2.4 | cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:* |
redhat | ansible_engine | 2.5 | cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:* |
redhat | ansible_engine | 2.6 | cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:* |
redhat | openstack | 10 | cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:* |
redhat | openstack | 12 | cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:* |
redhat | openstack | 13 | cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:* |
redhat | virtualization | 4.0 | cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* |
redhat | virtualization_host | 4.0 | cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* |
www.securitytracker.com/id/1041396
access.redhat.com/errata/RHBA-2018:3788
access.redhat.com/errata/RHSA-2018:2150
access.redhat.com/errata/RHSA-2018:2151
access.redhat.com/errata/RHSA-2018:2152
access.redhat.com/errata/RHSA-2018:2166
access.redhat.com/errata/RHSA-2018:2321
access.redhat.com/errata/RHSA-2018:2585
access.redhat.com/errata/RHSA-2019:0054
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874
usn.ubuntu.com/4072-1/
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
32.4%