Описание
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
A flaw was found in ansible. Improper permissions on the sources.list might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. The highest threat from this vulnerability is to data confidentiality.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | ansible | Not affected | ||
| Red Hat Ansible Engine 2 | ansible | Not affected | ||
| Red Hat Ansible Tower 3 | ansible | Not affected | ||
| Red Hat Ceph Storage 2 | ansible | Not affected | ||
| Red Hat Ceph Storage 3 | ansible | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | ansible | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | ansible | Not affected | ||
| Red Hat Storage 3 | ansible | Not affected |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
Ansible before 1.5.5 sets 0644 permissions for sources.list, which mig ...
Ansible sets unsafe permissions for sources.list
5.5 Medium
CVSS3