Описание
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
Отчет
Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected. Ansible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected. In Red Hat OpenStack Platform, because the flaw has a lower impact, ansible is not directly customer exposed, and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP ansible package.
Меры по смягчению последствий
This issue can be avoided by escaping variables which are used in the lookup.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | ansible-tower | Not affected | ||
| Red Hat Ansible Engine 2 | ansible | Will not fix | ||
| Red Hat Ansible Tower 3 | ansible | Will not fix | ||
| Red Hat Ceph Storage 2 | ansible | Out of support scope | ||
| Red Hat Ceph Storage 3 | ansible | Affected | ||
| Red Hat OpenStack Platform 10 (Newton) | ansible | Out of support scope | ||
| Red Hat OpenStack Platform 13 (Queens) | ansible | Will not fix | ||
| Red Hat Storage 3 | ansible | Will not fix | ||
| Red Hat Ansible Tower 3.4 for RHEL 7 | ansible-tower-34/ansible-tower-memcached | Fixed | RHBA-2020:0547 | 18.02.2020 |
| Red Hat Ansible Tower 3.4 for RHEL 7 | ansible-tower-35/ansible-tower-memcached | Fixed | RHBA-2020:0547 | 18.02.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS3
Связанные уязвимости
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...
Уязвимость системы управления конфигурациями Ansible, связанная с неприятием мер по нейтрализации специальных элементов, используемых в команде ОС, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
EPSS
7.4 High
CVSS3