CVE-2017-7550

Published: 25 Sep 2017
Source: redhat
CVSS3: 8.5
EPSS: Low

Description

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. A remote attacker could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

Report

Red Hat OpenStack Platform will no longer be updating the Ansible package in:

  • Red Hat OpenStack Platform 10 (Newton)
  • Red Hat OpenStack Platform 11 (Ocata)

As of Red Hat Enterprise Linux 7.4, customers can consume an updated Ansible package directly from the extras-rhel-7.4 channel. For more information, refer to Red Hat Enterprise Linux release information.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat OpenShift Enterprise 3 | ansible | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | ansible | Will not fix | | |
| Red Hat OpenStack Platform 11 (Ocata) | ansible | Will not fix | | |
| Red Hat OpenStack Platform 12 (Pike) | ansible | Will not fix | | |
| Red Hat Quickstart Cloud Installer 1 | ansible | Under investigation | | |
| Red Hat Storage 3 | ansible | Will not fix | | |
| Red Hat Storage Console 2 | ansible | Will not fix | | |
| Red Hat Enterprise Linux 7 Extras | ansible | Fixed | RHSA-2017:2966 | 19.10.2017 |

Additional information

Status: Moderate
Defect: CWE-532
https://bugzilla.redhat.com/show_bug.cgi?id=1473645 ansible: jenkins_plugin module exposes passwords in remote host logs

EPSS: 0.00675 (Low), percentile: 71%

CVSS3: 8.5 High

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 8 years ago

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

CVSS3: 9.8
nvd
about 8 years ago

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

CVSS3: 9.8
debian
about 8 years ago

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x bef ...

CVSS3: 9.8
github
more than 3 years ago

Ansible Insertion of Sensitive Information into Log File vulnerability

suse-cvrf
almost 2 years ago

Security update for SUSE Manager Client Tools
