7 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-1734
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by...
GHSA-H39Q-95Q5-9JFP OS Command Injection in ansible
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...
CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...
PYSEC-2020-6
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...
CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...
Ansible pipe lookup plugin arbitrary command execution vulnerability
Ansible is a computer system configuration manager. A security vulnerability in the Ansible pipe lookup plugin subprocess.Popen allows remote attackers to exploit the vulnerability to submit a special request that can execute arbitrary commands...
PT-2020-5155
Name of the Vulnerable Software and Affected Versions Ansible affected versions not specified Description The issue is related to the pipe lookup plugin of Ansible, where arbitrary commands can be run when the plugin uses subprocess.Popen with shell=True by overwriting Ansible facts. The variable...