Vulnerability: Arbitrary Code Execution via Inventory Variables in Ansible

Vulnerability: Arbitrary Code Execution via Inventory Variables in Ansible

CVE-2018-10874 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

Learn more about our Web Application Penetration Testing UK.