PT-2018-2340 · Red Hat+1 · Ansible+1

Adam Mariš

Published

2018-06-29

Updated

2026-06-03

CVE-2018-10875

CVSS v4.0

8.5

High

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions ansible (affected versions not specified)

Description A flaw in ansible allows an attacker to execute arbitrary code by altering the ansible.cfg file in the current working directory to point to a plugin or module path under their control. This can be exploited remotely.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

BDU:2019-00506

CVE-2018-10875

DLA-1923-1

DSA-4396-1

GHSA-FC4H-467W-46RH

MGASA-2018-0439

OPENSUSE-SU-2019:0238-1

OPENSUSE-SU-2019:1125-1

OPENSUSE-SU-2022:0081-1

OPENSUSE-SU-2024:10615-1

OPENSUSE-SU-2024:14244-1

OPENSUSE-SU-2024:14536-1

OPENSUSE-SU-2025:15605-1

OPENSUSE-SU-2025:15753-1

OPENSUSE-SU-2026:10944-1

PYSEC-2018-43

RHSA-2018:2150

RHSA-2018:2151

RHSA-2018:2152

RHSA-2018:2166

RHSA-2018:2321

RHSA-2018:2585

RHSA-2019:0054

SUSE-SU-2018:4130-1

SUSE-SU-2020:3309-1

USN-4072-1

Affected Products

Ubuntu

Ansible

PT-2018-2340 · Red Hat+1 · Ansible+1

CVE-2018-10875

Weakness Enumeration

Related Identifiers

Affected Products

References · 200