CVE-2014-4658

Published: Feb 20, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

Affected (1)

Products: Redhat: Ansible

Redhat

1 product

Ansible

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Ansible	Before 1.5.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md

Source: cve@mitre.org

Release Notes

https://www.securityfocus.com/bid/68233

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.securityfocus.com/bid/68233

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.