Search for packages
| purl | pkg:pypi/ansible@2.4.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-vhdj-z1ew-aaap
Aliases: CVE-2017-7550 GHSA-588w-w6mv-3cw5 PYSEC-2017-4 |
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation. |
Affected by 37 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-vpzy-gc78-aaag
Aliases: CVE-2018-10855 GHSA-jwcc-j78w-j73w PYSEC-2018-42 |
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. |
Affected by 36 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. Affected by 37 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-01-17T02:31:07.234369+00:00 | GHSA Importer | Affected by | VCID-vpzy-gc78-aaag | None | 35.1.0 |
| 2024-09-17T22:26:53.231253+00:00 | GitLab Importer | Affected by | VCID-vhdj-z1ew-aaap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2017-7550.yml | 34.0.1 |
| 2024-01-03T17:52:50.258393+00:00 | GitLab Importer | Affected by | VCID-vhdj-z1ew-aaap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2017-7550.yml | 34.0.0rc1 |
| 2024-01-03T17:44:28.597235+00:00 | GHSA Importer | Affected by | VCID-vhdj-z1ew-aaap | https://github.com/advisories/GHSA-588w-w6mv-3cw5 | 34.0.0rc1 |
| 2024-01-03T17:44:04.314152+00:00 | GHSA Importer | Affected by | VCID-vpzy-gc78-aaag | https://github.com/advisories/GHSA-jwcc-j78w-j73w | 34.0.0rc1 |