CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type

GIT

Repo

https://github.com/ansible/ansible

Events

Introduced

Last affected

2c2dd1a1b3eca6248979e04e70afff6dd3fcf366

Introduced

Last affected

8ce3bd6deaa0a0274a921c0137cbd804ffc312d0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6"
        }
    ]
}

Affected versions

0.*

0.0.1

0.0.2

0.01

0.3

0.7

v1.*

v1.0

v1.1

v1.2

v1.4.0

v1.5.0

v1.5.1

v1.6.0

Other

v1_last

v2.*

v2.0.0-0.1.alpha1

v2.0.0-0.2.alpha2

v2.0.0-0.3.beta1

v2.0.0-0.4.beta2

v2.0.0-0.5.beta3

v2.5.0

v2.5.0b1

v2.5.0b2

v2.5.0rc1

v2.5.0rc2

v2.5.0rc3

v2.6.0

v2.6.0a1

v2.6.0a2

v2.6.0rc1

v2.6.0rc2

v2.6.0rc3

v2.6.0rc4

v2.6.0rc5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10875.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    }
]