Vulnerability Description
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Ansible Engine | <= 2.7.16 |
| Redhat | Ansible Tower | <= 3.3.4 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734Issue TrackingThird Party Advisory
- https://github.com/ansible/ansible/issues/67792Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734Issue TrackingThird Party Advisory
- https://github.com/ansible/ansible/issues/67792Third Party Advisory
FAQ
What is CVE-2020-1734?
CVE-2020-1734 is a vulnerability with a CVSS score of 7.4 (HIGH). A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable...
How severe is CVE-2020-1734?
CVE-2020-1734 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1734?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible Engine, Redhat Ansible Tower.