Lucene search
+L

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/07/22 12:10 p.m.21 views

Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System 3000 (CVE-2020-1734)

Summary Ansible, which is used in IBM Elastic Storage System 3000 could allow a remote attacker to execute arbitrary commands Vulnerability Details CVEID: CVE-2020-1734 DESCRIPTION: Ansible could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the pipe...

7.4CVSS1.7AI score0.00444EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/03/03 10:15 p.m.24 views

CVE-2020-1734

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...

7.4CVSS7.5AI score0.00444EPSS
Exploits0References2
CVE
CVE
added 2020/03/03 9:23 p.m.158 views

CVE-2020-1734

CVE-2020-1734 affects the ansible pipe lookup plugin, where subprocess.Popen() with shell=True could allow an attacker to overwrite ansible facts and run arbitrary commands. The public advisories in connected documents confirm this issue and show mitigations in openSUSE/SUSE updates (e.g., ansibl...

7.4CVSS7.3AI score0.00444EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2020/02/18 2:30 p.m.31 views

CVE-2020-1734

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...

7.4CVSS3.1AI score0.00444EPSS
Exploits0References3
Rows per page
Query Builder