CVE-2014-4660
Description
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.119
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-4658,CVE-2014-4659,CVE-2014-4660 are fixed in Python-ansible 1.5.5 | Windows |
| Vulnerabilities CVE-2014-4658,CVE-2014-4659,CVE-2014-4660 are fixed in Python-ansible for linux 1.5.5 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234