Lucene search

K

Veracode Vulnerability DatabaseVERACODE:12970

HistoryJan 15, 2019 - 9:24 a.m.

Arbitrary Code Execution

2019-01-1509:24:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

EPSS

0.001

Percentile

32.4%

ansible is vulnerable to arbitrary code execution. The application loads certain host/group variables from the current working directory when ad-hoc command line commands are run and a playbook or playbook base directory is not specified. This can allow a malicious user to inject and execute arbitrary code.

References

www.securitytracker.com/id/1041396

access.redhat.com/errata/RHBA-2018:3788

access.redhat.com/errata/RHSA-2018:2150

access.redhat.com/errata/RHSA-2018:2151

access.redhat.com/errata/RHSA-2018:2152

access.redhat.com/errata/RHSA-2018:2166

access.redhat.com/errata/RHSA-2018:2321

access.redhat.com/errata/RHSA-2018:2585

access.redhat.com/errata/RHSA-2019:0054

access.redhat.com/security/cve/CVE-2018-10874

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1596528

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874

usn.ubuntu.com/4072-1/

EPSS

0.001

Percentile

32.4%

Related for VERACODE:12970

prion1 cvelist1 cve1 debiancve1 github1 osv3 ibm1 ubuntucve1 veracode1 nvd1 redhatcve1 redhat7 nessus11 openvas7 mageia1 fedora5 ubuntu1