SQL injection - Code In ansible
Description
Ansible Arbitrary Code Execution A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 pypi | >=0 <2.4.6.0 || >=2.5.0a1 <2.5.6 || >=2.6.0a1 <2.6.1 | 2.4.6.0, 2.5.6, 2.6.1 | |
 alpine v3.12 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || >=0 <2.6.3-r0 | 2.6.3-r0 | |
 debian 14 | >=0 <2.6.1+dfsg-1 | 2.6.1+dfsg-1 | |
alpine v3.14 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || >=0 <2.6.3-r0 | 2.6.3-r0 | |
alpine v3.13 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || >=0 <2.6.3-r0 | 2.6.3-r0 | |
alpine v3.10 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || >=0 <2.6.3-r0 | 2.6.3-r0 | |
alpine v3.11 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || >=0 <2.6.3-r0 | 2.6.3-r0 | |
alpine v3.9 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || >=0 <2.6.3-r0 | 2.6.3-r0 | |
debian 13 | >=0 <2.6.1+dfsg-1 | 2.6.1+dfsg-1 | |
debian 11 | >=0 <2.6.1+dfsg-1 | 2.6.1+dfsg-1 |
1-10 of 11
10
Aliases
1. CVE-2018-108752. NVD-2018-108753. OSV-2018-108754. OSV-ALPINE-2018-108755. OSV-DEBIAN-2018-108756. GCVE-2018-108757. lists.debian.org8. access.redhat.com9. access.redhat.com10. access.redhat.com11. access.redhat.com12. access.redhat.com13. access.redhat.com14. access.redhat.com15. access.redhat.com16. SECURITY-CVE-2018-1087517. SECURITY-TRACKER-CVE-2018-10875
References
1. https://github.com/ansible/ansible/issues/423882. https://github.com/ansible/ansible/pull/435833. https://github.com/ansible/ansible/pull/420704. https://github.com/ansible/ansible/commit/ff980afefdbe4ceb828bdb1bb2eef03cf616bf635. https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba59816. https://github.com/ansible/ansible/commit/f32c42c37aaf7b9db93ea3151b2f42a0c4bd81727. https://www.debian.org/security/2019/dsa-43968. https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/10413969. https://usn.ubuntu.com/4072-110. https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-43.yaml11. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087512. http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
Does your application use this vulnerable software?
During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.