Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove the params module option from ldap_attr and ldap_entry (#113)
* Remove the params module option from ldap_attr and ldap_entry Module options that circumvent Ansible's option handling were disallowed in: https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html Additionally, this particular usage can be insecure if bind_pw is set this way as the password could end up in a logfile or displayed on stdout. Fixes CVE-2020-1746 * Remove checking the version of Ansible Fix fail_json * Apply suggestions from code review Co-Authored-By: Felix Fontein <felix@fontein.de> Co-authored-by: Toshio Kuratomi <a.badger@gmail.com> Co-authored-by: Felix Fontein <felix@fontein.de>
- Loading branch information
1 parent
645fe91
commit 11ef03e
Showing
5 changed files
with
31 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
removed_features: | ||
- "ldap_attr, ldap_entry - The ``params`` option has been removed in | ||
Ansible-2.10 as it circumvents Ansible's option handling. Setting | ||
``bind_pw`` with the ``params`` option was disallowed in Ansible-2.7, 2.8, | ||
and 2.9 as it was insecure. For information about this policy, see the | ||
discussion at: | ||
https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html | ||
This fixes CVE-2020-1746" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters