VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-px3x-t4ay-aaaa

Essentials
Severities (141)
References (56)
Severity details (46)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-px3x-t4ay-aaaa
Aliases	CVE-2018-10875 GHSA-fc4h-467w-46rh PYSEC-2018-43
Summary	A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-426	Untrusted Search Path
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	4.2	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10875.html
cvssv3.1	7.8	https://access.redhat.com/errata/RHBA-2018:3788
generic_textual	HIGH	https://access.redhat.com/errata/RHBA-2018:3788
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2150
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2151
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2152
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2166
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2321
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2585
rhas	Moderate	https://access.redhat.com/errata/RHSA-2019:0054
cvssv3	7.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10875.json
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00227	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00241	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00241	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00241	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00241	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00241	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
epss	0.00344	https://api.first.org/data/v1/epss?cve=CVE-2018-10875
cvssv3.1	7.8	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828
cvssv3.1	7.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-fc4h-467w-46rh
cvssv3.1	5.0	https://github.com/ansible/ansible
generic_textual	MODERATE	https://github.com/ansible/ansible
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981
generic_textual	HIGH	https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/f32c42c37aaf7b9db93ea3151b2f42a0c4bd8172
generic_textual	HIGH	https://github.com/ansible/ansible/commit/f32c42c37aaf7b9db93ea3151b2f42a0c4bd8172
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/ff980afefdbe4ceb828bdb1bb2eef03cf616bf63
generic_textual	HIGH	https://github.com/ansible/ansible/commit/ff980afefdbe4ceb828bdb1bb2eef03cf616bf63
cvssv3.1	7.8	https://github.com/ansible/ansible/issues/42388
generic_textual	HIGH	https://github.com/ansible/ansible/issues/42388
cvssv3.1	7.8	https://github.com/ansible/ansible/pull/42070
generic_textual	HIGH	https://github.com/ansible/ansible/pull/42070
cvssv3.1	7.8	https://github.com/ansible/ansible/pull/43583
generic_textual	HIGH	https://github.com/ansible/ansible/pull/43583
cvssv3.1	7.8	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-43.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-43.yaml
cvssv3.1	5.4	https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
generic_textual	MODERATE	https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
cvssv2	4.6	https://nvd.nist.gov/vuln/detail/CVE-2018-10875
cvssv3	7.8	https://nvd.nist.gov/vuln/detail/CVE-2018-10875
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2018-10875
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4072-1
cvssv3.1	4.2	https://usn.ubuntu.com/4072-1
generic_textual	MODERATE	https://usn.ubuntu.com/4072-1
generic_textual	Medium	https://usn.ubuntu.com/usn/usn-4072-1
cvssv3.1	7.8	https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396
generic_textual	HIGH	https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396
cvssv3.1	5.3	https://www.debian.org/security/2019/dsa-4396
generic_textual	MODERATE	https://www.debian.org/security/2019/dsa-4396
cvssv3.1	7.8	http://www.securitytracker.com/id/1041396
generic_textual	HIGH	http://www.securitytracker.com/id/1041396

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
		http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10875.html
		https://access.redhat.com/errata/RHBA-2018:3788
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10875.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-10875
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981
		https://github.com/ansible/ansible/commit/f32c42c37aaf7b9db93ea3151b2f42a0c4bd8172
		https://github.com/ansible/ansible/commit/ff980afefdbe4ceb828bdb1bb2eef03cf616bf63
		https://github.com/ansible/ansible/issues/42388
		https://github.com/ansible/ansible/pull/42070
		https://github.com/ansible/ansible/pull/43583
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-43.yaml
		https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
		https://ubuntu.com/security/notices/USN-4072-1
		https://usn.ubuntu.com/4072-1
		https://usn.ubuntu.com/4072-1/
		https://usn.ubuntu.com/usn/usn-4072-1
		https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396
		https://www.debian.org/security/2019/dsa-4396
		http://www.securitytracker.com/id/1041396
cpe:2.3:a:redhat:ansible_engine:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:::::::*
cpe:2.3:a:redhat:ansible_engine:2.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.4:::::::*
cpe:2.3:a:redhat:ansible_engine:2.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.5:::::::*
cpe:2.3:a:redhat:ansible_engine:2.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.6:::::::*
cpe:2.3:a:redhat:ceph_storage:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:2.0:::::::*
cpe:2.3:a:redhat:ceph_storage:3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph_storage:3.0:::::::*
cpe:2.3:a:redhat:gluster_storage:3.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:gluster_storage:3.0.0:::::::*
cpe:2.3:a:redhat:openshift:3.0::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:3.0::::enterprise:::
cpe:2.3:a:redhat:openstack:10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:::::::*
cpe:2.3:a:redhat:openstack:12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:::::::*
cpe:2.3:a:redhat:openstack:13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:::::::*
cpe:2.3:a:redhat:virtualization:4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:::::::*
cpe:2.3:a:redhat:virtualization_host:4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2018-10875		https://nvd.nist.gov/vuln/detail/CVE-2018-10875
GHSA-fc4h-467w-46rh		https://github.com/advisories/GHSA-fc4h-467w-46rh
RHBA-2018:3788		https://bugzilla.redhat.com/show_bug.cgi?id=1596533
RHSA-2018:2150		https://access.redhat.com/errata/RHSA-2018:2150
RHSA-2018:2151		https://access.redhat.com/errata/RHSA-2018:2151
RHSA-2018:2152		https://access.redhat.com/errata/RHSA-2018:2152
RHSA-2018:2166		https://access.redhat.com/errata/RHSA-2018:2166
RHSA-2018:2321		https://access.redhat.com/errata/RHSA-2018:2321
RHSA-2018:2585		https://access.redhat.com/errata/RHSA-2018:2585
RHSA-2019:0054		https://access.redhat.com/errata/RHSA-2019:0054

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHBA-2018:3788

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10875.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/f32c42c37aaf7b9db93ea3151b2f42a0c4bd8172

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/ff980afefdbe4ceb828bdb1bb2eef03cf616bf63

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/issues/42388

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/pull/42070

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/pull/43583

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-43.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10875

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10875

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10875

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://usn.ubuntu.com/4072-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2019/dsa-4396

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1041396

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.19814
EPSS Score	0.00062
Published At	June 20, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.