Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
References
Link | Resource |
---|---|
https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md | Release Notes |
https://www.securityfocus.com/bid/68234 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2020-02-20 15:15
Updated : 2024-02-04 20:39
NVD link : CVE-2014-4659
Mitre link : CVE-2014-4659
CVE.ORG link : CVE-2014-4659
JSON object : View
Products Affected
redhat
- ansible
CWE
CWE-522
Insufficiently Protected Credentials