CVE-2018-10875 vulnerability in Red Hat and Other Products
Published on July 13, 2018
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
NVD
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2018-10875 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2018-10875
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-10875 are published in these products:
Affected Versions
[UNKNOWN] ansible Version n/a is affected by CVE-2018-10875Exploit Probability
EPSS
0.04%
Percentile
12.97%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.