CVE-2017-7550

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.
References
Link Resource
https://access.redhat.com/errata/RHSA-2017:2966 Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1473645 Issue Tracking Third Party Advisory
https://github.com/ansible/ansible/issues/30874 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-11-21 17:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-7550

Mitre link : CVE-2017-7550

CVE.ORG link : CVE-2017-7550


JSON object : View

Products Affected

redhat

  • ansible
  • enterprise_linux_server
CWE
CWE-532

Insertion of Sensitive Information into Log File