GHSA-5g4v-2pc6-4hh4

Опубликовано: 17 мая 2022

Источник: github

Github: Прошло ревью

CVSS4: 6.8

CVSS3: 5.5

Описание

Ansible Sensitive Files Are Locally Readable

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

Ссылки

Пакеты

Наименование

ansible

pip

Затронутые версииВерсия исправления

< 1.5.5

1.5.5

EPSS

Процентиль: 31%

0.00119

Низкий

6.8 Medium

CVSS4

5.5 Medium

CVSS3

CVE ID

CVE-2014-4658

Дефекты

CWE-200

Связанные уязвимости

CVE-2014-4658

CVSS3: 5.5

ubuntu

почти 6 лет назад

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

CVE-2014-4658

CVSS3: 5.5

redhat

почти 12 лет назад

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

CVE-2014-4658

CVSS3: 5.5

nvd

почти 6 лет назад

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

CVE-2014-4658

CVSS3: 5.5

debian

почти 6 лет назад

The vault subsystem in Ansible before 1.5.5 does not set the umask bef ...

EPSS

Процентиль: 31%

0.00119

Низкий

6.8 Medium

CVSS4

5.5 Medium

CVSS3

CVE ID

CVE-2014-4658

Дефекты

CWE-200