Candidate: CVE-2017-7550
PublicDate: 2017-11-21 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7550
Description:
 A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before
 2.4.1) passed certain parameters to the jenkins_plugin module. Remote
 attackers could use this flaw to expose sensitive information from a remote
 host's logs. This flaw was fixed by not allowing passwords to be specified
 in the "params" argument, and noting this in the module documentation.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1473645
 https://github.com/ansible/ansible/issues/30874
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_ansible:
upstream_ansible: released (2.4.2.0+dfsg-1)
precise/esm_ansible: DNE
trusty_ansible: not-affected (code not present)
trusty/esm_ansible: not-affected (code not present)
vivid/ubuntu-core_ansible: DNE
xenial_ansible: not-affected (code not present)
zesty_ansible: ignored (reached end-of-life)
artful_ansible: ignored (reached end-of-life)
bionic_ansible: not-affected (2.5.1+dfsg-1)
devel_ansible: not-affected (2.6.1+dfsg-1)