Описание
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.
Ссылки
- Issue Tracking
- Issue Tracking
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.
An exposure of sensitive information flaw was found in Ansible Tower before version 3.7.1. sensitive information such as Splunk tokens could be readable in the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality.
Уязвимость файла конфигурации rsyslog системы управления конфигурациями Ansible, позволющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
6.5 Medium
CVSS3
2.1 Low
CVSS2