Vulnerabilities > CVE-2017-7550 - Information Exposure Through Log Files vulnerability in Redhat Ansible and Enterprise Linux Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Fuzzing and observing application log data/errors for application mapping An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1259.NASL description This update for ansible to version 2.4.1.0 fixes the following vulnerabilities : - CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785) - CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021) - CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037) - CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038) - CVE-2017-7550: jenkins_plugin module may have exposed passwords in remote host logs (bsc#1065872) This update also contains a number of upstream bug fixes and improvements. last seen 2020-06-05 modified 2017-11-13 plugin id 104522 published 2017-11-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104522 title openSUSE Security Update : ansible (openSUSE-2017-1259) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-1259. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(104522); script_version("3.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-8614", "CVE-2016-8628", "CVE-2016-9587", "CVE-2017-7481", "CVE-2017-7550"); script_name(english:"openSUSE Security Update : ansible (openSUSE-2017-1259)"); script_summary(english:"Check for the openSUSE-2017-1259 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for ansible to version 2.4.1.0 fixes the following vulnerabilities : - CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785) - CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021) - CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037) - CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038) - CVE-2017-7550: jenkins_plugin module may have exposed passwords in remote host logs (bsc#1065872) This update also contains a number of upstream bug fixes and improvements." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008037" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008038" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019021" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038785" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065872" ); script_set_attribute( attribute:"solution", value:"Update the affected ansible package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ansible"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"ansible-2.4.1.0-2.4.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"ansible-2.4.1.0-6.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2966.NASL description An update for ansible is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The ansible packages have been upgraded to upstream version 2.4.0, which provides a number of bug fixes and enhancements over the previous version. For more information, please see the Ansible 2.4 Porting Guide linked in the References section. (BZ#1492477) Security Fix(es) : * A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. A remote attacker could use this flaw to expose sensitive information from a remote host last seen 2020-06-01 modified 2020-06-02 plugin id 104005 published 2017-10-20 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104005 title RHEL 7 : ansible (RHSA-2017:2966) NASL family Fedora Local Security Checks NASL id FEDORA_2017-C2729C23B0.NASL description Update to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-01-15 plugin id 105969 published 2018-01-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105969 title Fedora 27 : ansible (2017-c2729c23b0) NASL family Fedora Local Security Checks NASL id FEDORA_2017-8BF1B0C692.NASL description Update to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-11-09 plugin id 104469 published 2017-11-09 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104469 title Fedora 26 : ansible (2017-8bf1b0c692) NASL family Fedora Local Security Checks NASL id FEDORA_2017-008017C9FE.NASL description Update to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-11-09 plugin id 104468 published 2017-11-09 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104468 title Fedora 25 : ansible (2017-008017c9fe)
Redhat
| advisories |
| ||||
| rpms |
|