6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the “deb http://user:pass@server:port/” format.
github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
www.securityfocus.com/bid/68234