Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-6667-f46p-pg88

Опубликовано: 17 мая 2022
Источник: github
Github: Прошло ревью
CVSS4: 6.8
CVSS3: 5.5

Описание

Ansible sets unsafe permissions for sources.list

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.

Ссылки

Пакеты

Наименование

ansible

pip
Затронутые версииВерсия исправления

< 1.5.5

1.5.5

EPSS

Процентиль: 24%
0.00081
Низкий

6.8 Medium

CVSS4

5.5 Medium

CVSS3

CVE ID

CVE-2014-4659

Дефекты

CWE-522

Связанные уязвимости

ubuntu логотип

CVE-2014-4659

CVSS3: 5.5
ubuntu
почти 6 лет назад

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.

redhat логотип

CVE-2014-4659

CVSS3: 5.5
redhat
больше 11 лет назад

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.

nvd логотип

CVE-2014-4659

CVSS3: 5.5
nvd
почти 6 лет назад

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.

debian логотип

CVE-2014-4659

CVSS3: 5.5
debian
почти 6 лет назад

Ansible before 1.5.5 sets 0644 permissions for sources.list, which mig ...

EPSS

Процентиль: 24%
0.00081
Низкий

6.8 Medium

CVSS4

5.5 Medium

CVSS3

CVE ID

CVE-2014-4659

Дефекты

CWE-522