CVE-2017-7550

Priority
Description
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before
2.4.1) passed certain parameters to the jenkins_plugin module. Remote
attackers could use this flaw to expose sensitive information from a remote
host's logs. This flaw was fixed by not allowing passwords to be specified
in the "params" argument, and noting this in the module documentation.
Notes
Package
Upstream:released (2.4.2.0+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.5.1+dfsg-1)
More Information

Updated: 2020-09-10 05:41:27 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)