CVE-2018-10875

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-10875
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10875.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-10875
Aliases
Related
Published
2018-07-13T22:29:00Z
Modified
2024-11-02T05:27:45.663048Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

References

Affected packages

Alpine:v3.10 / ansible

Package

Name
ansible
Purl
pkg:apk/alpine/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.3-r0

Affected versions

0.*

0.3.1-r0
0.4-r0
0.5-r0
0.7-r0
0.7.1-r0
0.8-r0
0.9-r0

1.*

1.0-r0
1.0-r1
1.1-r0
1.1-r1
1.2-r1
1.2.1-r1
1.2.2-r0
1.2.3-r0
1.3.3-r0
1.3.4-r0
1.4.1-r0
1.4.3-r0
1.4.5-r0
1.5.0-r0
1.5.4-r0
1.5.5-r0
1.6.1-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.8.0-r0
1.8.2-r0
1.8.4-r0
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.3-r1
1.9.4-r0

2.*

2.0.0.2-r0
2.0.0.2-r1
2.0.1.0-r1
2.1.0.0-r0
2.1.1.0-r0
2.1.2.0-r0
2.2.0.0-r0
2.2.1.0-r0
2.2.1.0-r1
2.2.2.0-r0
2.3.0.0-r0
2.3.0.0-r1
2.3.1.0-r0
2.3.2.0-r0
2.4.0.0-r0
2.4.1.0-r0
2.4.2.0-r0
2.4.3.0-r0
2.5.0-r0
2.5.2-r0
2.5.4-r0
2.5.5-r0
2.6.0-r0
2.6.1-r0

Alpine:v3.11 / ansible

Package

Name
ansible
Purl
pkg:apk/alpine/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.3-r0

Affected versions

0.*

0.3.1-r0
0.4-r0
0.5-r0
0.7-r0
0.7.1-r0
0.8-r0
0.9-r0

1.*

1.0-r0
1.0-r1
1.1-r0
1.1-r1
1.2-r1
1.2.1-r1
1.2.2-r0
1.2.3-r0
1.3.3-r0
1.3.4-r0
1.4.1-r0
1.4.3-r0
1.4.5-r0
1.5.0-r0
1.5.4-r0
1.5.5-r0
1.6.1-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.8.0-r0
1.8.2-r0
1.8.4-r0
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.3-r1
1.9.4-r0

2.*

2.0.0.2-r0
2.0.0.2-r1
2.0.1.0-r1
2.1.0.0-r0
2.1.1.0-r0
2.1.2.0-r0
2.2.0.0-r0
2.2.1.0-r0
2.2.1.0-r1
2.2.2.0-r0
2.3.0.0-r0
2.3.0.0-r1
2.3.1.0-r0
2.3.2.0-r0
2.4.0.0-r0
2.4.1.0-r0
2.4.2.0-r0
2.4.3.0-r0
2.5.0-r0
2.5.2-r0
2.5.4-r0
2.5.5-r0
2.6.0-r0
2.6.1-r0

Alpine:v3.12 / ansible

Package

Name
ansible
Purl
pkg:apk/alpine/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.3-r0

Affected versions

0.*

0.3.1-r0
0.4-r0
0.5-r0
0.7-r0
0.7.1-r0
0.8-r0
0.9-r0

1.*

1.0-r0
1.0-r1
1.1-r0
1.1-r1
1.2-r1
1.2.1-r1
1.2.2-r0
1.2.3-r0
1.3.3-r0
1.3.4-r0
1.4.1-r0
1.4.3-r0
1.4.5-r0
1.5.0-r0
1.5.4-r0
1.5.5-r0
1.6.1-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.8.0-r0
1.8.2-r0
1.8.4-r0
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.3-r1
1.9.4-r0

2.*

2.0.0.2-r0
2.0.0.2-r1
2.0.1.0-r1
2.1.0.0-r0
2.1.1.0-r0
2.1.2.0-r0
2.2.0.0-r0
2.2.1.0-r0
2.2.1.0-r1
2.2.2.0-r0
2.3.0.0-r0
2.3.0.0-r1
2.3.1.0-r0
2.3.2.0-r0
2.4.0.0-r0
2.4.1.0-r0
2.4.2.0-r0
2.4.3.0-r0
2.5.0-r0
2.5.2-r0
2.5.4-r0
2.5.5-r0
2.6.0-r0
2.6.1-r0

Alpine:v3.13 / ansible-base

Package

Name
ansible-base
Purl
pkg:apk/alpine/ansible-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.3-r0

Affected versions

0.*

0.3.1-r0
0.4-r0
0.5-r0
0.7-r0
0.7.1-r0
0.8-r0
0.9-r0

1.*

1.0-r0
1.0-r1
1.1-r0
1.1-r1
1.2-r1
1.2.1-r1
1.2.2-r0
1.2.3-r0
1.3.3-r0
1.3.4-r0
1.4.1-r0
1.4.3-r0
1.4.5-r0
1.5.0-r0
1.5.4-r0
1.5.5-r0
1.6.1-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.8.0-r0
1.8.2-r0
1.8.4-r0
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.3-r1
1.9.4-r0

2.*

2.0.0.2-r0
2.0.0.2-r1
2.0.1.0-r1
2.1.0.0-r0
2.1.1.0-r0
2.1.2.0-r0
2.2.0.0-r0
2.2.1.0-r0
2.2.1.0-r1
2.2.2.0-r0
2.3.0.0-r0
2.3.0.0-r1
2.3.1.0-r0
2.3.2.0-r0
2.4.0.0-r0
2.4.1.0-r0
2.4.2.0-r0
2.4.3.0-r0
2.5.0-r0
2.5.2-r0
2.5.4-r0
2.5.5-r0
2.6.0-r0
2.6.1-r0

Alpine:v3.14 / ansible-base

Package

Name
ansible-base
Purl
pkg:apk/alpine/ansible-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.3-r0

Affected versions

0.*

0.3.1-r0
0.4-r0
0.5-r0
0.7-r0
0.7.1-r0
0.8-r0
0.9-r0

1.*

1.0-r0
1.0-r1
1.1-r0
1.1-r1
1.2-r1
1.2.1-r1
1.2.2-r0
1.2.3-r0
1.3.3-r0
1.3.4-r0
1.4.1-r0
1.4.3-r0
1.4.5-r0
1.5.0-r0
1.5.4-r0
1.5.5-r0
1.6.1-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.8.0-r0
1.8.2-r0
1.8.4-r0
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.3-r1
1.9.4-r0

2.*

2.0.0.2-r0
2.0.0.2-r1
2.0.1.0-r1
2.1.0.0-r0
2.1.1.0-r0
2.1.2.0-r0
2.2.0.0-r0
2.2.1.0-r0
2.2.1.0-r1
2.2.2.0-r0
2.3.0.0-r0
2.3.0.0-r1
2.3.1.0-r0
2.3.2.0-r0
2.4.0.0-r0
2.4.1.0-r0
2.4.2.0-r0
2.4.3.0-r0
2.5.0-r0
2.5.2-r0
2.5.4-r0
2.5.5-r0
2.6.0-r0
2.6.1-r0

Alpine:v3.9 / ansible

Package

Name
ansible
Purl
pkg:apk/alpine/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.3-r0

Affected versions

0.*

0.3.1-r0
0.4-r0
0.5-r0
0.7-r0
0.7.1-r0
0.8-r0
0.9-r0

1.*

1.0-r0
1.0-r1
1.1-r0
1.1-r1
1.2-r1
1.2.1-r1
1.2.2-r0
1.2.3-r0
1.3.3-r0
1.3.4-r0
1.4.1-r0
1.4.3-r0
1.4.5-r0
1.5.0-r0
1.5.4-r0
1.5.5-r0
1.6.1-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.8.0-r0
1.8.2-r0
1.8.4-r0
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.3-r1
1.9.4-r0

2.*

2.0.0.2-r0
2.0.0.2-r1
2.0.1.0-r1
2.1.0.0-r0
2.1.1.0-r0
2.1.2.0-r0
2.2.0.0-r0
2.2.1.0-r0
2.2.1.0-r1
2.2.2.0-r0
2.3.0.0-r0
2.3.0.0-r1
2.3.1.0-r0
2.3.2.0-r0
2.4.0.0-r0
2.4.1.0-r0
2.4.2.0-r0
2.4.3.0-r0
2.5.0-r0
2.5.2-r0
2.5.4-r0
2.5.5-r0
2.6.0-r0
2.6.1-r0

Debian:11 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Affected ranges

Type
GIT
Repo
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
02f8c6aee8df3cdc935e9bdd4f2d020306035dbe
Last affected
39a8804455fb23f09157341d3ba7db6d7ae6ee76
Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

0.*

0.0.1
0.0.2
0.01
0.3
0.7

v1.*

v1.0
v1.1
v1.2
v1.4.0
v1.5.0
v1.5.1
v1.6.0

Other

v1_last

v2.*

v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.5.0
v2.5.0b1
v2.5.0b2
v2.5.0rc1
v2.5.0rc2
v2.5.0rc3
v2.6.0
v2.6.0a1
v2.6.0a2
v2.6.0rc1
v2.6.0rc2
v2.6.0rc3
v2.6.0rc4
v2.6.0rc5
v2.6.12
v2.6.12-rc2
v2.6.12-rc3
v2.6.12-rc4
v2.6.12-rc5
v2.6.12-rc6
v2.6.13
v2.6.13-rc1
v2.6.13-rc2
v2.6.13-rc3
v2.6.13-rc4
v2.6.13-rc5
v2.6.13-rc6
v2.6.13-rc7
v2.6.14
v2.6.14-rc1
v2.6.14-rc2
v2.6.14-rc3
v2.6.14-rc4
v2.6.14-rc5
v2.6.15
v2.6.15-rc1
v2.6.15-rc2
v2.6.15-rc3
v2.6.15-rc4
v2.6.15-rc5
v2.6.15-rc6
v2.6.15-rc7
v2.6.16
v2.6.16-rc1
v2.6.16-rc2
v2.6.16-rc3
v2.6.16-rc4
v2.6.16-rc5
v2.6.16-rc6
v2.6.17
v2.6.17-rc1
v2.6.17-rc2
v2.6.17-rc3
v2.6.17-rc4
v2.6.17-rc5
v2.6.17-rc6
v2.6.18
v2.6.18-rc1
v2.6.18-rc2
v2.6.18-rc3
v2.6.18-rc4
v2.6.18-rc5
v2.6.18-rc6
v2.6.18-rc7
v2.6.19
v2.6.19-rc1
v2.6.19-rc2
v2.6.19-rc3
v2.6.19-rc4
v2.6.19-rc5
v2.6.19-rc6
v2.6.20
v2.6.20-rc1
v2.6.20-rc2
v2.6.20-rc3
v2.6.20-rc4
v2.6.20-rc5
v2.6.20-rc6
v2.6.20-rc7
v2.6.21
v2.6.21-rc1
v2.6.21-rc2
v2.6.21-rc3
v2.6.21-rc4
v2.6.21-rc5
v2.6.21-rc6
v2.6.21-rc7
v2.6.22
v2.6.22-rc1
v2.6.22-rc2
v2.6.22-rc3
v2.6.22-rc4
v2.6.22-rc5
v2.6.22-rc6
v2.6.22-rc7
v2.6.23
v2.6.23-rc1
v2.6.23-rc2
v2.6.23-rc3
v2.6.23-rc4
v2.6.23-rc5
v2.6.23-rc6
v2.6.23-rc7
v2.6.23-rc8
v2.6.23-rc9
v2.6.24
v2.6.24-rc1
v2.6.24-rc2
v2.6.24-rc3
v2.6.24-rc4
v2.6.24-rc5
v2.6.24-rc6
v2.6.24-rc7
v2.6.24-rc8
v2.6.25
v2.6.25-rc1
v2.6.25-rc2
v2.6.25-rc3
v2.6.25-rc4
v2.6.25-rc5
v2.6.25-rc6
v2.6.25-rc7
v2.6.25-rc8
v2.6.25-rc9
v2.6.26
v2.6.26-rc1
v2.6.26-rc2
v2.6.26-rc3
v2.6.26-rc4
v2.6.26-rc5
v2.6.26-rc6
v2.6.26-rc7
v2.6.26-rc8
v2.6.26-rc9
v2.6.27
v2.6.27-rc1
v2.6.27-rc2
v2.6.27-rc3
v2.6.27-rc4
v2.6.27-rc5
v2.6.27-rc6
v2.6.27-rc7
v2.6.27-rc8
v2.6.27-rc9
v2.6.28
v2.6.28-rc1
v2.6.28-rc2
v2.6.28-rc3
v2.6.28-rc4
v2.6.28-rc5
v2.6.28-rc6
v2.6.28-rc7
v2.6.28-rc8
v2.6.28-rc9
v2.6.29
v2.6.29-rc1
v2.6.29-rc2
v2.6.29-rc3
v2.6.29-rc4
v2.6.29-rc5
v2.6.29-rc6
v2.6.29-rc7
v2.6.29-rc8
v2.6.30
v2.6.30-rc1
v2.6.30-rc2
v2.6.30-rc3
v2.6.30-rc4
v2.6.30-rc5
v2.6.30-rc6
v2.6.30-rc7
v2.6.30-rc8
v2.6.31
v2.6.31-rc1
v2.6.31-rc2
v2.6.31-rc3
v2.6.31-rc4
v2.6.31-rc5
v2.6.31-rc6
v2.6.31-rc7
v2.6.31-rc8
v2.6.31-rc9
v2.6.32
v2.6.32-rc1
v2.6.32-rc2
v2.6.32-rc3
v2.6.32-rc4
v2.6.32-rc5
v2.6.32-rc6
v2.6.32-rc7
v2.6.32-rc8
v2.6.33
v2.6.33-rc1
v2.6.33-rc2
v2.6.33-rc3
v2.6.33-rc4
v2.6.33-rc5
v2.6.33-rc6
v2.6.33-rc7
v2.6.33-rc8
v2.6.34
v2.6.34-rc1
v2.6.34-rc2
v2.6.34-rc3
v2.6.34-rc4
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v2.6.35
v2.6.35-rc1
v2.6.35-rc2
v2.6.35-rc3
v2.6.35-rc4
v2.6.35-rc5
v2.6.35-rc6
v2.6.36
v2.6.36-rc1
v2.6.36-rc2
v2.6.36-rc3
v2.6.36-rc4
v2.6.36-rc5
v2.6.36-rc6
v2.6.36-rc7
v2.6.36-rc8
v2.6.37
v2.6.37-rc1
v2.6.37-rc2
v2.6.37-rc3
v2.6.37-rc4
v2.6.37-rc5
v2.6.37-rc6
v2.6.37-rc7
v2.6.37-rc8
v2.6.38
v2.6.38-rc1
v2.6.38-rc2
v2.6.38-rc3
v2.6.38-rc4
v2.6.38-rc5
v2.6.38-rc6
v2.6.38-rc7
v2.6.38-rc8
v2.6.39
v2.6.39-rc1
v2.6.39-rc2
v2.6.39-rc3
v2.6.39-rc4
v2.6.39-rc5
v2.6.39-rc6
v2.6.39-rc7

v3.*

v3.0
v3.0-rc1
v3.0-rc2
v3.0-rc3
v3.0-rc4
v3.0-rc5
v3.0-rc6
v3.0-rc7