VDB
PYSEC-2018-43
PYSEC-2018-43
PUBLISHED
CVSS 9.300000190734863 CRITICAL
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | ansible | 2.4, 2.6, 2.4.0.0 |
Timeline
- Jul 13, 2018 CVE Published
- Apr 22, 2024 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875 report
- http://www.securitytracker.com/id/1041396 url
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html url
- https://access.redhat.com/errata/RHSA-2018:2166 advisory
- https://access.redhat.com/errata/RHSA-2018:2152 advisory
- https://access.redhat.com/errata/RHSA-2018:2151 advisory
- https://access.redhat.com/errata/RHSA-2018:2150 advisory
- https://access.redhat.com/errata/RHSA-2018:2321 advisory
- https://access.redhat.com/errata/RHSA-2018:2585 advisory
- https://access.redhat.com/errata/RHBA-2018:3788 advisory
- https://access.redhat.com/errata/RHSA-2019:0054 advisory
- https://www.debian.org/security/2019/dsa-4396 advisory
- https://usn.ubuntu.com/4072-1/ advisory
- https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html advisory