CVE-2020-1734: OS Command Injection in Redhat Ansible

CWE-78: OS Command Injection | 12 documents | 7 sources
Severity: 7.4 HIGH (NVD)
EPSS: 0.1% (top 67.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 3 | Latest update Feb 9

Description

A flaw was found in the pipe lookup plugin of Ansible. The plugin runs its command through subprocess.Popen() with shell=True, so arbitrary commands can be run when Ansible facts are overwritten and the variable is not escaped by the quote plugin. An attacker could take advantage of this and run arbitrary commands by overwriting the Ansible facts.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Exploitability: 0.8 | Impact: 6.0

Affected Packages (4 packages)

PyPI | redhat/ansible | 2.10.0a1 | 2.10.0rc1 | +2
NVD | redhat/ansible_engine | 2.7.16 | +2
CVEListV5 | red_hat/ansible | n/a

🔴 Vulnerability Details (4)

GHSA | OS Command Injection in ansible | 2022-02-09
OSV | OS Command Injection in ansible | 2022-02-09
CVEList | CVE-2020-1734: A flaw was found in the pipe lookup plugin of ansible | 2020-03-03
OSV | CVE-2020-1734: A flaw was found in the pipe lookup plugin of ansible | 2020-03-03

📋 Vendor Advisories (2)

Red Hat | ansible: shell enabled by default in a pipe lookup plugin subprocess | 2020-02-18
Debian | CVE-2020-1734: ansible - A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be... | 2020

💬 Community (5)

Bugzilla | CVE-2020-27766 ImageMagick: outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c | 2020-11-04
Bugzilla | CVE-2020-1734 ansible: shell enabled by default in a pipe lookup plugin subprocess [openstack-rdo] | 2020-02-27
Bugzilla | CVE-2020-1734 ansible: shell enabled by default in a pipe lookup plugin subprocess [fedora-all] | 2020-02-20
Bugzilla | CVE-2020-1734 ansible: shell enabled by default in a pipe lookup plugin subprocess [epel-all] | 2020-02-20
Bugzilla | CVE-2020-1734 ansible: shell enabled by default in a pipe lookup plugin subprocess | 2020-02-11