PYSEC-2017-4 — Vulnetix

PYSEC-2017-4 PUBLISHED CVSS 8.699999809265137 HIGH

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
PyPI	ansible	2.4.0.0, 2.3.0.0, 2.3.0.0

Timeline

Nov 21, 2017 CVE Published
Nov 8, 2023 CVE Updated
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory

References

https://bugzilla.redhat.com/show_bug.cgi?id=1473645 report
https://github.com/ansible/ansible/issues/30874 discussion
https://access.redhat.com/errata/RHSA-2017:2966 advisory

Open in Interactive Console →