Lucene search
GoogleOSV:GHSA-5XM4-JMPW-P6J3HistoryMay 17, 2022 - 7:57 p.m.
Ansible discloses credential information
2022-05-1719:57:32
Google
osv.dev
6
0.0004 Low
EPSS
Percentile
5.1%
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the deb http://user:pass@server:port/ format.
References
github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
nvd.nist.gov/vuln/detail/CVE-2014-4660
security-tracker.debian.org/tracker/CVE-2014-4660
web.archive.org/web/20200229060002/https://www.securityfocus.com/bid/68231
www.openwall.com/lists/oss-security/2014/06/26/19
Related
prion
prion
Format string
2020-02-20 03:15:00
nvd
nvd
CVE-2014-4660
2020-02-20 03:15:10
debiancve
debiancve
CVE-2014-4660
2020-02-20 03:15:10
cve
cve
CVE-2014-4660
2020-02-20 03:15:10
veracode
veracode
Information Disclosure
2017-05-03 08:20:57
cvelist
cvelist
CVE-2014-4660
2020-02-20 02:08:50
github
github
Ansible discloses credential information
2022-05-17 19:57:32
ubuntucve
ubuntucve
CVE-2014-4660
2020-02-20 00:00:00
osv
osv
PYSEC-2020-202
2020-02-20 03:15:00