Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 639694 (CVE-2017-7550) - <app-admin/ansible-2.4.1: Information disclosure vulnerability
Summary: <app-admin/ansible-2.4.1: Information disclosure vulnerability
Status: RESOLVED FIXED
Alias: CVE-2017-7550
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-04 01:43 UTC by GLSAMaker/CVETool Bot
Modified: 2018-05-22 22:02 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-12-04 01:43:43 UTC 
CVE-2017-7550 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7550):
  A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before
  2.4.1) passed certain parameters to the jenkins_plugin module. Remote
  attackers could use this flaw to expose sensitive information from a remote
  host's logs. This flaw was fixed by not allowing passwords to be specified
  in the "params" argument, and noting this in the module documentation.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-12-04 01:44:28 UTC 
@Maintainers please call for stabilization when ready. 

Thank you
Comment 2 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2017-12-04 01:50:23 UTC 
cleaned up in 40bf1a5a5a1af94674217c21ea2a92a6ee7d4da5

2.4.1 was already stable (which by the description is fixed).
Comment 3 Patrice Clement (RETIRED) gentoo-dev 2018-05-22 21:48:06 UTC 
Hi Sec team.

Can someone close this bug? I think this is no longer relevant and outdated. The latest stable version available in the main repo is 2.5.2. Thanks.
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2018-05-22 22:02:26 UTC 
(In reply to Patrice Clement from comment #3)
> Hi Sec team.
> 
> Can someone close this bug? I think this is no longer relevant and outdated.
> The latest stable version available in the main repo is 2.5.2. Thanks.

Thanks, Patrice!