CVE-2020-1734

HIGH

Ansible Engine < 2.7.16 and Ansible Tower < 3.3.4 - OS Command Injection via Pipe Lookup Plugin

Title source: llm

Description

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.

References (2)

Core 2

Core References

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734

Third Party Advisory x_refsource_misc

https://github.com/ansible/ansible/issues/67792

Scores

CVSS v3 7.4

EPSS 0.0008

EPSS Percentile 24.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

Details

CWE

CWE-78

Status published

Products (8)

pypi/ansible 2.10.0a1 - 2.10.0rc1PyPI

redhat/ansible_engine 2.8.8

redhat/ansible_engine 2.9.5

redhat/ansible_engine < 2.7.16

redhat/ansible_tower 3.4.5

redhat/ansible_tower 3.5.5

redhat/ansible_tower 3.6.3

redhat/ansible_tower < 3.3.4

Published Mar 03, 2020

Tracked Since Feb 18, 2026