CVE-2014-4658

Опубликовано: 20 фев. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

Ссылки

https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
Release Notes
https://www.securityfocus.com/bid/68233
Third Party Advisory
VDB Entry
https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
Release Notes
https://www.securityfocus.com/bid/68233
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

Версия до 1.5.5 (исключая)

EPSS

Процентиль: 31%

0.00119

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2014-4658

CVSS3: 5.5

ubuntu

почти 6 лет назад

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

CVE-2014-4658

CVSS3: 5.5

redhat

почти 12 лет назад

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

CVE-2014-4658

CVSS3: 5.5

debian

почти 6 лет назад

The vault subsystem in Ansible before 1.5.5 does not set the umask bef ...

GHSA-5g4v-2pc6-4hh4

CVSS3: 5.5

github

больше 3 лет назад

Ansible Sensitive Files Are Locally Readable

EPSS

Процентиль: 31%

0.00119

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200