Veracode Vulnerability DatabaseVERACODE:7064Arbitrary Code Execution
0.001 Low
EPSS
Percentile
33.7%
ansible is vulnerable to arbitrary code execution attacks. The application does not restrict the ansible.cfg file from being installed into a world readable directory, allowing a malicious user to use it to direct to a malicious plugin or module to execute arbitrary code.
References
lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
www.securitytracker.com/id/1041396
access.redhat.com/errata/RHBA-2018:3788
access.redhat.com/errata/RHSA-2018:2150
access.redhat.com/errata/RHSA-2018:2151
access.redhat.com/errata/RHSA-2018:2152
access.redhat.com/errata/RHSA-2018:2166
access.redhat.com/errata/RHSA-2018:2321
access.redhat.com/errata/RHSA-2018:2585
access.redhat.com/errata/RHSA-2019:0054
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875
github.com/ansible/ansible/commit/b6f2aad600662a2eee2c3079b3713827163f3fd4#diff-4620481bb35f1868b3b433c63ee9d013
github.com/ansible/ansible/pull/42070
lists.debian.org/debian-lts-announce/2019/09/msg00016.html
usn.ubuntu.com/4072-1/
www.debian.org/security/2019/dsa-4396
Related
