Описание
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
Ссылки
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.4 High
CVSS3
3.7 Low
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...
Уязвимость системы управления конфигурациями Ansible, связанная с неприятием мер по нейтрализации специальных элементов, используемых в команде ОС, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
EPSS
7.4 High
CVSS3
3.7 Low
CVSS2