CVE-2020-1734

{"id": "CVE-2020-1734", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2020-03-03T22:15:10.843", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/ansible/ansible/issues/67792", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el plugin pipe lookup de ansible. Los comandos arbitrarios se pueden ejecutar, cuando el plugin pipe lookup utiliza la funci\u00f3n subprocess.Popen() con shell=True, al sobrescribir los datos de ansible y la variable no se escapa mediante el plugin citado. Un atacante podr\u00eda tomar ventaja y ejecutar comandos arbitrarios al sobrescribir los datos de ansible."}], "lastModified": "2023-02-12T23:40:34.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E713A0F-6AD3-409E-87AA-DE7EB5B7525C", "versionEndIncluding": "2.7.16"}, {"criteria": "cpe:2.3:a:redhat:ansible_engine:2.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDC2F2BC-209D-4FA4-B1E1-E486DE8AC48B"}, {"criteria": "cpe:2.3:a:redhat:ansible_engine:2.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8599992B-8847-4332-80CC-F98FA4125272"}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3C5721F-050A-42A3-A71D-6C6BA23D58FE", "versionEndIncluding": "3.3.4"}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:3.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16776B7F-83E9-4918-94D8-60CA0F96F870"}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:3.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FE9389E-3129-4A14-96CA-5113BD09AD10"}, {"criteria": "cpe:2.3:a:redhat:ansible_tower:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E695D048-7109-4840-8DE1-59AC1690E667"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}