VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-yxyq-9868-aaaj

Essentials
Severities (125)
References (39)
Severity details (31)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-yxyq-9868-aaaj
Aliases	CVE-2018-10874 GHSA-3xvg-x47j-x75w PYSEC-2018-81
Summary	In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-426	Untrusted Search Path
CWE-20	Improper Input Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10874.html
cvssv3.1	7.8	https://access.redhat.com/errata/RHBA-2018:3788
generic_textual	HIGH	https://access.redhat.com/errata/RHBA-2018:3788
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2150
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2151
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2152
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2166
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2321
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2585
rhas	Moderate	https://access.redhat.com/errata/RHSA-2019:0054
cvssv3	7.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2018-10874
cvssv3.1	7.8	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10874
cvssv3.1	7.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-3xvg-x47j-x75w
cvssv3.1	5.0	https://github.com/ansible/ansible
generic_textual	MODERATE	https://github.com/ansible/ansible
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7
generic_textual	HIGH	https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
generic_textual	HIGH	https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
cvssv3.1	7.8	https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb
generic_textual	HIGH	https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb
cvssv3.1	7.8	https://github.com/ansible/ansible/pull/42067
generic_textual	HIGH	https://github.com/ansible/ansible/pull/42067
cvssv3.1	7.8	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml
cvssv2	4.6	https://nvd.nist.gov/vuln/detail/CVE-2018-10874
cvssv3	7.8	https://nvd.nist.gov/vuln/detail/CVE-2018-10874
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4072-1
cvssv3.1	4.2	https://usn.ubuntu.com/4072-1
generic_textual	MODERATE	https://usn.ubuntu.com/4072-1
generic_textual	Medium	https://usn.ubuntu.com/usn/usn-4072-1
cvssv3.1	7.8	https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396
generic_textual	HIGH	https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396
cvssv3.1	7.8	http://www.securitytracker.com/id/1041396
generic_textual	HIGH	http://www.securitytracker.com/id/1041396

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10874.html
		https://access.redhat.com/errata/RHBA-2018:3788
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-10874
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10874
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7
		https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
		https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb
		https://github.com/ansible/ansible/pull/42067
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml
		https://ubuntu.com/security/notices/USN-4072-1
		https://usn.ubuntu.com/4072-1
		https://usn.ubuntu.com/4072-1/
		https://usn.ubuntu.com/usn/usn-4072-1
		https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396
		http://www.securitytracker.com/id/1041396
cpe:2.3:a:redhat:ansible_engine:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:::::::*
cpe:2.3:a:redhat:ansible_engine:2.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.4:::::::*
cpe:2.3:a:redhat:ansible_engine:2.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.5:::::::*
cpe:2.3:a:redhat:ansible_engine:2.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.6:::::::*
cpe:2.3:a:redhat:openstack:10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:::::::*
cpe:2.3:a:redhat:openstack:12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:::::::*
cpe:2.3:a:redhat:openstack:13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:::::::*
cpe:2.3:a:redhat:virtualization:4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:::::::*
cpe:2.3:a:redhat:virtualization_host:4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
CVE-2018-10874		https://access.redhat.com/security/cve/CVE-2018-10874
CVE-2018-10874		https://nvd.nist.gov/vuln/detail/CVE-2018-10874
GHSA-3xvg-x47j-x75w		https://github.com/advisories/GHSA-3xvg-x47j-x75w
RHBA-2018:3788		https://bugzilla.redhat.com/show_bug.cgi?id=1596528
RHSA-2018:2150		https://access.redhat.com/errata/RHSA-2018:2150
RHSA-2018:2151		https://access.redhat.com/errata/RHSA-2018:2151
RHSA-2018:2152		https://access.redhat.com/errata/RHSA-2018:2152
RHSA-2018:2166		https://access.redhat.com/errata/RHSA-2018:2166
RHSA-2018:2321		https://access.redhat.com/errata/RHSA-2018:2321
RHSA-2018:2585		https://access.redhat.com/errata/RHSA-2018:2585
RHSA-2019:0054		https://access.redhat.com/errata/RHSA-2019:0054

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHBA-2018:3788

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/pull/42067

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10874

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10874

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://usn.ubuntu.com/4072-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1041396

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.15903
EPSS Score	0.00051
Published At	April 17, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.