CVE-2017-7550
- Source
- https://cve.org/CVERecord?id=CVE-2017-7550
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7550.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-7550
- Aliases
- Downstream
- Related
- Published
- 2017-11-21T17:29:00.210Z
- Modified
- 2026-04-16T01:38:50.736621707Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ], "source": "CPE_FIELD" } ] }- References
Affected packages
Git / github.com/ansible/ansible
Affected versions
v2.*
v2.3.0.0-1
v2.3.1.0-0.1.rc1
v2.3.1.0-0.2.rc2
v2.3.1.0-1
v2.3.2.0-0.1.rc1
v2.3.2.0-0.2.rc2
v2.3.2.0-0.3.rc3
v2.3.2.0-0.4.rc4
v2.3.2.0-0.5.rc5
v2.3.2.0-1
v2.3.3.0-0.1.rc1
v2.3.3.0-0.2.rc2
v2.3.3.0-0.3.rc3
v2.4.0.0-1
v2.4.1.0-0.1.beta1
v2.4.1.0-0.2.beta2
v2.4.1.0-0.3.rc1
v2.4.1.0-0.4.rc2