CVE-2020-1734
Severity Score
7.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
Se encontró un fallo en el plugin pipe lookup de ansible. Los comandos arbitrarios se pueden ejecutar, cuando el plugin pipe lookup utiliza la función subprocess.Popen() con shell=True, al sobrescribir los datos de ansible y la variable no se escapa mediante el plugin citado. Un atacante podría tomar ventaja y ejecutar comandos arbitrarios al sobrescribir los datos de ansible.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-11-27 CVE Reserved
- 2020-03-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734 | Issue Tracking | |
| https://github.com/ansible/ansible/issues/67792 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Ansible Engine Search vendor "Redhat" for product "Ansible Engine" | <= 2.7.16 Search vendor "Redhat" for product "Ansible Engine" and version " <= 2.7.16" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Engine Search vendor "Redhat" for product "Ansible Engine" | 2.8.8 Search vendor "Redhat" for product "Ansible Engine" and version "2.8.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Engine Search vendor "Redhat" for product "Ansible Engine" | 2.9.5 Search vendor "Redhat" for product "Ansible Engine" and version "2.9.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | <= 3.3.4 Search vendor "Redhat" for product "Ansible Tower" and version " <= 3.3.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | 3.4.5 Search vendor "Redhat" for product "Ansible Tower" and version "3.4.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | 3.5.5 Search vendor "Redhat" for product "Ansible Tower" and version "3.5.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ansible Tower Search vendor "Redhat" for product "Ansible Tower" | 3.6.3 Search vendor "Redhat" for product "Ansible Tower" and version "3.6.3" | - |
Affected
| ||||||