CVE-2017-7550
Published: Nov 21, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.
| Vendor | Product | Versions |
|---|---|---|
| Red Hat, Inc. | ansible | affected 2.3.x before 2.3.3, 2.4.x before 2.4.1 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1473645
x_refsource_CONFIRM
https://github.com/ansible/ansible/issues/30874
x_refsource_CONFIRM
RHSA-2017:2966
vendor-advisory
x_refsource_REDHAT