ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-24 05:40:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Remove the params module option from ldap_attr and ldap_entry (#113)

Browse source 
* Remove the params module option from ldap_attr and ldap_entry

Module options that circumvent Ansible's option handling were disallowed
in:
https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html

Additionally, this particular usage can be insecure if bind_pw is set
this way as the password could end up in a logfile or displayed on
stdout.

Fixes CVE-2020-1746

* Remove checking the version of Ansible

Fix fail_json

* Apply suggestions from code review

Co-Authored-By: Felix Fontein <felix@fontein.de>

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Sloane Hertel 2020-04-06 12:13:04 -04:00 committed by GitHub
commit 11ef03e9dd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 31 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

8
changelogs/fragments/ldap-params-removal.yml Normal file
View file

@ -0,0 +1,8 @@
removed_features:
- "ldap_attr, ldap_entry - The ``params`` option has been removed in
Ansible-2.10 as it circumvents Ansible's option handling. Setting
``bind_pw`` with the ``params`` option was disallowed in Ansible-2.7, 2.8,
and 2.9 as it was insecure. For information about this policy, see the
discussion at:
https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html
This fixes CVE-2020-1746"