CVE-2020-1734

Aliases:GHSA-h39q-95q5-9jfpPYSEC-2020-6
Advisory lineage Upstream: 0 Downstream: 11
Modified
Published: 03 Mar 2020, 21:23
Last modified:04 Aug 2024, 06:46

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.4 HIGH
v3.1 (cve.org)
EPSS Score
0.08% LOW
0% probability -0.05%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

03 Mar 2020, 21:23
Published
Vulnerability first disclosed
04 Aug 2024, 06:46
Last Modified
Vulnerability information updated

Description

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.

CVSS Metrics

  • v4.0HIGHScore: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
  • v3.1HIGHScore: 7.4CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
  • v2.0LOWScore: 3.7AV:L/AC:H/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.08% Percentile: 24%

Techniques & Countermeasures

  • CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Affected Systems

  • PyPIansible

    ≥ 2.10.0a1, < 2.10.0rc1 | ≥ 2.9.0a1, < 2.9.11 | < 2.8.13 | < 2.7.17

  • red hatansible

    n/a

  • redhatansible_engine

    ≤ 2.7.16 | 2.8.8 | 2.9.5

  • redhatansible_tower

    ≤ 3.3.4 | 3.4.5 | 3.5.5 | 3.6.3

References (16)