Lucene search

GoogleOSV:GHSA-3XVG-X47J-X75W

HistoryMay 13, 2022 - 1:07 a.m.

Ansible Improper Input Validation vulnerability

2022-05-1301:07:34

Google

osv.dev

ansible

input validation

ad-hoc command

arbitrary code

software

EPSS

0.001

Percentile

32.4%

JSON

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker’s control, allowing to run arbitrary code as a result.

References

www.securitytracker.com/id/1041396

access.redhat.com/errata/RHBA-2018:3788

access.redhat.com/errata/RHSA-2018:2150

access.redhat.com/errata/RHSA-2018:2151

access.redhat.com/errata/RHSA-2018:2152

access.redhat.com/errata/RHSA-2018:2166

access.redhat.com/errata/RHSA-2018:2321

access.redhat.com/errata/RHSA-2018:2585

access.redhat.com/errata/RHSA-2019:0054

access.redhat.com/security/cve/CVE-2018-10874

bugzilla.redhat.com/show_bug.cgi?id=1596528

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874

github.com/ansible/ansible

nvd.nist.gov/vuln/detail/CVE-2018-10874

usn.ubuntu.com/4072-1

web.archive.org/web/20201130165946/www.securitytracker.com/id/1041396

EPSS

0.001

Percentile

32.4%

JSON

Related for OSV:GHSA-3XVG-X47J-X75W