OS Command Injection in Ansible - CVE-2020-1734
Published: September 22, 2022
Ansible
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the pipe lookup plugin of ansible. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
How to mitigate CVE-2020-1734
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Note, the developer does not consider this a security issue.