CVE-2017-7550
Description
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the params argument, and noting this in the module documentation.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.675
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2017-7550 are fixed in Python-ansible 2.3.3.0 | Windows |
| Vulnerabilities CVE-2017-7550 are fixed in Python-ansible 2.4.1.0 | Windows |
| (RHSA-2017:2966) Moderate: ansible security, bug fix, and enhancement update ansible-2.4.0.0-5.el7.noarch.rpm | Linux |
| (RHSA-2017:2966) Moderate: ansible security, bug fix, and enhancement update ansible-doc-2.4.0.0-5.el7.noarch.rpm | Linux |
| Vulnerabilities CVE-2017-7550 are fixed in Python-ansible for linux 2.3.3.0 | Linux |
| Vulnerabilities CVE-2017-7550 are fixed in Python-ansible for linux 2.4.1.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234