A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734 | Issue Tracking Third Party Advisory |
https://github.com/ansible/ansible/issues/67792 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-03-03 22:15
Updated : 2024-02-04 20:39
NVD link : CVE-2020-1734
Mitre link : CVE-2020-1734
CVE.ORG link : CVE-2020-1734
JSON object : View
Products Affected
redhat
- ansible_engine
- ansible_tower
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')