CVE-2018-10874 vulnerability in Red Hat Products
Published on July 2, 2018
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2018-10874 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2018-10874
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-10874 are published in these products:
Affected Versions
[UNKNOWN] ansible Version n/a is affected by CVE-2018-10874Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.