CVE-2017-7550: Log File Information Exposure in Redhat Ansible

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.7% (top 28.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 21; Latest update May 13

Description

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (5 packages)

NVD | redhat/ansible | 2.3.0 | 2.3.3 | +1
PyPI | redhat/ansible | 2.4.0.0 | 2.4.1.0 | +1
Debian | redhat/ansible | < 2.4.2.0+dfsg-1 | +3
CVEListV5 | red_hat_inc/ansible | 2.3.x before 2.3.3, 2.4.x before 2.4.1

🔴 Vulnerability Details (5)

OSV | Ansible Insertion of Sensitive Information into Log File vulnerability | 2022-05-13
GHSA | Ansible Insertion of Sensitive Information into Log File vulnerability | 2022-05-13
OSV | qemu vulnerabilities | 2018-05-16
CVEList | CVE-2017-7550: A flaw was found in the way Ansible (2 | 2017-11-21
OSV | CVE-2017-7550: A flaw was found in the way Ansible (2 | 2017-11-21

📋 Vendor Advisories (2)

Red Hat | ansible: jenkins_plugin module exposes passwords in remote host logs | 2017-09-25
Debian | CVE-2017-7550: ansible - A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1)... | 2017

💬 Community (3)

Bugzilla | CVE-2017-7550 ansible: jenkins_plugin module exposes passwords in remote host logs [epel-all] | 2017-09-25
Bugzilla | CVE-2017-7550 ansible: jenkins_plugin module exposes passwords in remote host logs [fedora-all] | 2017-09-25
Bugzilla | CVE-2017-7550 ansible: jenkins_plugin module exposes passwords in remote host logs | 2017-07-21