-
Notifications
You must be signed in to change notification settings - Fork 85
Expand file tree
/
Copy pathPYSEC-2017-4.yaml
More file actions
34 lines (34 loc) · 1009 Bytes
/
PYSEC-2017-4.yaml
File metadata and controls
34 lines (34 loc) · 1009 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
id: PYSEC-2017-4
details: A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before
2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers
could use this flaw to expose sensitive information from a remote host's logs. This
flaw was fixed by not allowing passwords to be specified in the "params" argument,
and noting this in the module documentation.
affected:
- package:
name: ansible
ecosystem: PyPI
purl: pkg:pypi/ansible
ranges:
- type: ECOSYSTEM
events:
- introduced: 2.3.0.0
- fixed: 2.3.3.0
- introduced: 2.4.0.0
- fixed: 2.4.1.0
versions:
- 2.3.0.0
- 2.3.1.0
- 2.3.2.0
- 2.4.0.0
references:
- type: REPORT
url: https://github.com/ansible/ansible/issues/30874
- type: REPORT
url: https://bugzilla.redhat.com/show_bug.cgi?id=1473645
- type: ADVISORY
url: https://access.redhat.com/errata/RHSA-2017:2966
aliases:
- CVE-2017-7550
modified: "2021-07-02T02:41:33.938371Z"
published: "2017-11-21T17:29:00Z"