VDB

GCVE-110-MAGEIA-2018-439

GCVE-110-MAGEIA-2018-439
Advisory Published
Vulnetix · Advisory published November 11, 2018
It was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result (CVE-2018-10874). It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code (CVE-2018-10875).

Affected Products

VendorProductVersionsPlatforms
Mageiaansible0 (affected), 2.4.6.0-1.1.mga6 (unaffected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›