Base Score

HIGH7.4

CVE-2020-1734

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.

VectorLOCAL

Published Bysecalert@redhat.com

Published DateMar 03, 2020, 22:15

Affected Versions(3)

ansible(PyPI)

Introduced2.10.0a1

Fixed2.10.0rc1

LimitN/A

ansible(PyPI)

Introduced2.9.0a1

Fixed2.9.11

LimitN/A

ansible(PyPI)

Introduced0

Fixed2.8.13

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
ansible(PyPI)	2.10.0a1	2.10.0rc1	N/A
ansible(PyPI)	2.9.0a1	2.9.11	N/A
ansible(PyPI)	0	2.8.13	N/A

Weakness Type (CWE):CWE-78

CVSS Metrics

Base Score

7.4

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

LOW

References

Base Score

HIGH7.4

Weakness Type (CWE):CWE-78

CVSS Metrics

Base Score

7.4

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

LOW