Bug 1596528 (CVE-2018-10874) - CVE-2018-10874 ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution
Summary: CVE-2018-10874 ansible: Inventory variables are loaded from current working d...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-10874
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1598807 1598808 1598809 1598810 1598811 1598812 1599296 1602768 1602769 1602770 1602771 1607723 1610582 1610583 1610584 1636192 1636194
Blocks: 1595939
Reported: 2018-06-29 07:56 UTC by Adam Mariš
Modified: 2021-02-17 00:03 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:30:57 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2150 0 None None None 2018-07-10 09:49:13 UTC
Red Hat Product Errata RHSA-2018:2151 0 None None None 2018-07-10 11:33:06 UTC
Red Hat Product Errata RHSA-2018:2152 0 None None None 2018-07-10 12:56:33 UTC
Red Hat Product Errata RHSA-2018:2166 0 None None None 2018-07-10 17:20:23 UTC
Red Hat Product Errata RHSA-2018:2321 0 None None None 2018-07-31 17:49:58 UTC
Red Hat Product Errata RHSA-2018:2585 0 None None None 2018-08-29 16:05:28 UTC
Red Hat Product Errata RHSA-2019:0054 0 None None None 2019-01-16 17:10:04 UTC

Description Adam Mariš 2018-06-29 07:56:12 UTC
It was found that inventory variables are loaded from the current working directory when running an ad-hoc command, which can be under an attacker's control, allowing arbitrary code to be run as a result.
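
The description above says inventory variables are picked up from the working directory an ad-hoc command is started in. As an added example (not part of the bug report or of Ansible itself), the POSIX shell function below is a pre-flight check a defender can run from that directory before invoking ansible: it flags the standard Ansible inventory variable directories, group_vars/ and host_vars/, when they are present, and additionally reports whether each one is owned by a different user or is world-writable, which is what would make its contents attacker-controllable. The function name, the exit-code policy and the use of GNU stat are assumptions.

```shell
# check_cwd_inventory_vars [DIR]
# Added example, not Ansible code. Returns 0 when DIR (default: the current
# directory) holds no group_vars/host_vars entry, 1 when at least one exists.
# Findings are written to stderr so the check can gate a script with "|| exit 1".
check_cwd_inventory_vars() {
    dir="${1:-.}"
    me=$(id -u)
    rc=0
    for name in group_vars host_vars; do
        p="$dir/$name"
        [ -e "$p" ] || continue
        rc=1
        echo "WARNING: $p exists; an ad-hoc run from $dir may load variables from it" >&2
        # Assumes GNU stat: %u = numeric owner, %a = octal permission bits.
        owner=$(stat -c %u "$p")
        mode=$(stat -c %a "$p")
        if [ "$owner" != "$me" ]; then
            echo "  -> not owned by the invoking user (owner uid $owner)" >&2
        fi
        # The last octal digit is the 'others' class; bit 2 means writable.
        others=$(printf '%s' "$mode" | tail -c 1)
        if [ $((others & 2)) -ne 0 ]; then
            echo "  -> world-writable: contents can be replaced by any local user" >&2
        fi
    done
    return $rc
}

# Usage: run in the directory you are about to start ansible from, e.g.
#   check_cwd_inventory_vars . || { echo "refusing to run from this directory" >&2; exit 1; }
```

A clean directory yields exit status 0 and no output; any hit yields status 1 with the reasons on stderr, so the check composes with `set -e` wrappers and CI steps without parsing its output.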

Comment 1 Laura Pardo 2018-06-29 15:08:09 UTC
Acknowledgments:

Name: Michael Scherer (OSAS)

Comment 2 Borja Tarraso 2018-07-06 13:54:01 UTC
Created ansible tracking bugs for this issue:

Affects: epel-all [bug 1598810]
Affects: fedora-all [bug 1598809]

Comment 6 errata-xmlrpc 2018-07-10 09:48:47 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Engine 2.5 for RHEL 7

Via RHSA-2018:2150 https://access.redhat.com/errata/RHSA-2018:2150

Comment 7 errata-xmlrpc 2018-07-10 11:32:38 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Engine 2 for RHEL 7

Via RHSA-2018:2151 https://access.redhat.com/errata/RHSA-2018:2151

Comment 8 errata-xmlrpc 2018-07-10 12:56:08 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Engine 2.4 for RHEL 7

Via RHSA-2018:2152 https://access.redhat.com/errata/RHSA-2018:2152

Comment 9 errata-xmlrpc 2018-07-10 17:19:58 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Engine 2.6 for RHEL 7

Via RHSA-2018:2166 https://access.redhat.com/errata/RHSA-2018:2166

Comment 12 errata-xmlrpc 2018-07-31 17:49:29 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2018:2321 https://access.redhat.com/errata/RHSA-2018:2321

Comment 17 errata-xmlrpc 2018-08-29 16:05:03 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2018:2585 https://access.redhat.com/errata/RHSA-2018:2585

Comment 22 errata-xmlrpc 2019-01-16 17:10:01 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:0054 https://access.redhat.com/errata/RHSA-2019:0054

Comment 23 Hardik Vyas 2020-12-04 15:31:17 UTC
Statement:

Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ship the affected version of ansible, but they no longer maintain their own version of ansible. Both products will consume fixes directly from the ansible repository.
