CVE-2017-7550
CRITICAL 9.8
Description
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 11/21/2017
Last modified: 4/20/2025
Source: nvd
Honeypot sightings: 0
Affected products
redhat:ansible
redhat:enterprise_linux_server
Weaknesses (CWE)
CWE-532
References
https://access.redhat.com/errata/RHSA-2017:2966 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1473645 (secalert@redhat.com)
https://github.com/ansible/ansible/issues/30874 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2017:2966 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1473645 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ansible/ansible/issues/30874 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.