A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before
2.4.1) passed certain parameters to the jenkins_plugin module. Remote
attackers could use this flaw to expose sensitive information from a remote
host's logs. This flaw was fixed by not allowing passwords to be specified
in the "params" argument, and noting this in the module documentation.
@Maintainers please call for stabilization when ready.
cleaned up in 40bf1a5a5a1af94674217c21ea2a92a6ee7d4da5
2.4.1 was already stable (which by the description is fixed).
Hi Sec team.
Can someone close this bug? I think this is no longer relevant and outdated. The latest stable version available in the main repo is 2.5.2. Thanks.
(In reply to Patrice Clement from comment #3)
> Hi Sec team.
> Can someone close this bug? I think this is no longer relevant and outdated.
> The latest stable version available in the main repo is 2.5.2. Thanks.