CVE-2018-10875
Arbitrary Code Execution vulnerability in ansible (PyPI)
What is CVE-2018-10875 About?
This flaw in Ansible allows `ansible.cfg` to be read from the current working directory, enabling an attacker to control plugin or module paths. By doing so, an attacker can execute arbitrary code on the target system. Exploitation requires specific user interaction or environmental setup, so it is rated moderately easy.
Affected Software
- ansible
- >=2.6.0a1, <2.6.1
- >=2.5, <2.5.6
- <2.4.6.0
- >=2.5.0a1, <2.5.6
Technical Details
The vulnerability stems from Ansible's behavior of searching for and loading `ansible.cfg` from the current working directory. An attacker can craft a malicious `ansible.cfg` file that points to a controlled plugin or module path. If a user then executes an Ansible command in a directory containing this malicious `ansible.cfg` and the attacker-controlled plugins/modules, Ansible will load and execute the attacker's code. This allows for arbitrary code execution because Ansible does not properly validate the source of its configuration or loaded modules, trusting the `ansible.cfg` in the immediate execution context.
What is the Impact of CVE-2018-10875?
Successful exploitation may allow attackers to execute arbitrary code with the privileges of the user running Ansible, leading to full system compromise, data theft, or denial of service.
What is the Exploitability of CVE-2018-10875?
Exploiting this vulnerability requires an attacker to place a malicious `ansible.cfg` file and corresponding attacker-controlled plugin/module files in a directory where an Ansible user is expected to execute commands. The user must then execute an Ansible command from that specific directory. This is primarily a local exploitation scenario or requires an attacker to have write access to a directory that a legitimate Ansible user will operate in. No specific authentication is required beyond the attacker's ability to place the files. Privilege requirements would be those of the Ansible user. The complexity is moderate, as it requires social engineering or prior access to the system to set up the malicious files in the correct location.
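A pre-flight check for the condition described above, as an added example (not Ansible's own code and not the upstream fix): it reports an `ansible.cfg` in a directory when the file or directory is writable by group or others or owned by another user, and lists the `[defaults]` settings that point at loadable code. The function names, the sample config and the key selection (`library`, `module_utils`, any `*_plugins`) are assumptions of this example.

```python
import configparser
import os
import stat

# Constructed sample config, used only to exercise the parser below.
SAMPLE_CFG = """[defaults]
inventory = ./hosts
library = ./modules
callback_plugins = ./cb
"""

def code_path_settings(cfg_text):
    """Return {key: value} for [defaults] settings that name code directories."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(cfg_text)
    except configparser.Error as exc:
        return {"(parse error)": str(exc)}  # unparseable file: review by hand
    if not parser.has_section("defaults"):
        return {}
    # Assumption of this example: these keys are the ones that make Ansible
    # import Python code from a directory chosen by the config file.
    return {k: v for k, v in parser.items("defaults")
            if k in ("library", "module_utils") or k.endswith("_plugins")}

def audit_directory(directory, uid=None):
    """Return a list of findings for an ansible.cfg found in `directory`."""
    uid = os.getuid() if uid is None else uid
    cfg = os.path.join(directory, "ansible.cfg")
    if not os.path.isfile(cfg):
        return []
    findings = []
    for path in (directory, cfg):
        st = os.stat(path)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{path}: writable by group or others")
        if st.st_uid not in (0, uid):
            findings.append(f"{path}: owned by uid {st.st_uid}")
    with open(cfg, encoding="utf-8", errors="replace") as fh:
        for key, value in code_path_settings(fh.read()).items():
            findings.append(f"{cfg}: sets {key} = {value}")
    return findings

if __name__ == "__main__":
    for finding in audit_directory(os.getcwd()):
        print("WARNING:", finding)
```

Run it from the directory where an Ansible command is about to be executed; any output is a reason to inspect the file before proceeding.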
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2018-10875?
Available Upgrade Options
- ansible
- <2.4.6.0 → Upgrade to 2.4.6.0
- ansible
- >=2.5.0a1, <2.5.6 → Upgrade to 2.5.6
- ansible
- >=2.6.0a1, <2.6.1 → Upgrade to 2.6.1
Additional Resources
- https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
- https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981
- https://access.redhat.com/errata/RHSA-2018:2321
- https://access.redhat.com/errata/RHSA-2018:2150
- https://github.com/ansible/ansible
- https://access.redhat.com/errata/RHSA-2018:2585
- https://osv.dev/vulnerability/GHSA-fc4h-467w-46rh
- https://www.debian.org/security/2019/dsa-4396
- https://access.redhat.com/errata/RHSA-2018:2152
- https://nvd.nist.gov/vuln/detail/CVE-2018-10875
What are Similar Vulnerabilities to CVE-2018-10875?
Similar Vulnerabilities: CVE-2020-1736, CVE-2021-3677, CVE-2022-27666, CVE-2023-26116, CVE-2019-12297
