Red Hat, Inc. AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Red Hat, Inc. CWE-532

A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. A remote attacker could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

https://access.redhat.com/security/cve/CVE-2017-7550 [No Types Assigned]

Red Hat, Inc. AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Red Hat, Inc. CWE-532

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. A remote attacker could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

https://access.redhat.com/security/cve/CVE-2017-7550 [No Types Assigned]

OR
     *cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:* versions from (including) 2.3.0 up to (excluding) 2.3.3
     *cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:* versions from (including) 2.4.0 up to (excluding) 2.4.1

OR
     *cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* versions from (including) 2.3.0 up to (excluding) 2.3.3
     *cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* versions from (including) 2.4.0 up to (excluding) 2.4.1

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Red Hat, Inc. CWE-532

OR
     *cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:* versions from (including) 2.3.0 up to (excluding) 2.3.3
     *cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:* versions from (including) 2.4.0 up to (excluding) 2.4.1

OR
     *cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-532

https://access.redhat.com/errata/RHSA-2017:2966 No Types Assigned

https://access.redhat.com/errata/RHSA-2017:2966 Issue Tracking, Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1473645 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=1473645 Issue Tracking, Third Party Advisory

https://github.com/ansible/ansible/issues/30874 No Types Assigned

https://github.com/ansible/ansible/issues/30874 Issue Tracking, Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2966 [No Types Assigned]