4 matches found
Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System 3000 (CVE-2020-1734)
Summary Ansible, which is used in IBM Elastic Storage System 3000 could allow a remote attacker to execute arbitrary commands Vulnerability Details CVEID: CVE-2020-1734 DESCRIPTION: Ansible could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the pipe...
CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...
CVE-2020-1734
CVE-2020-1734 affects the ansible pipe lookup plugin, where subprocess.Popen() with shell=True could allow an attacker to overwrite ansible facts and run arbitrary commands. The public advisories in connected documents confirm this issue and show mitigations in openSUSE/SUSE updates (e.g., ansibl...
CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...