MGASA-2018-0439

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2018-10874 CVE-2018-10875

Published: 11 Nov 2018, 21:09

Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Nov 2018, 21:09

Published

Vulnerability first disclosed

16 Apr 2026, 06:23

Last Modified

Vulnerability information updated

Description

Updated ansible package fixes security vulnerabilities It was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result (CVE-2018-10874). It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code (CVE-2018-10875).

Affected Systems

mageia•ansible
< 2.4.6.0-1.1.mga6

MGASA-2018-0439

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)