ALPINE-CVE-2018-10875 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2018-10875 PUBLISHED CVSS 7.800000190734863 HIGH

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.10	ansible	0.4-r0, 0.5-r0, 0.7-r0
Alpine:v3.9	ansible	1.3.3-r0, 0.7-r0, 0.4-r0
Alpine:v3.13	ansible-base	0, 2.6.1-r0, 2.6.0-r0
Alpine:v3.11	ansible	2.6.1-r0, 0, 0.4-r0
Alpine:v3.14	ansible-base	0.7.1-r0, 0.3.1-r0, 0.5-r0
Alpine:v3.12	ansible	0, 2.6.1-r0, 2.6.0-r0

Timeline

Jul 13, 2018 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2018-10875 advisory

Open in Interactive Console →