Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-20T02:08:50

Updated: 2024-08-06T11:20:26.880Z

Reserved: 2014-06-25T00:00:00

Link: CVE-2014-4660

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-20T03:15:10.653

Modified: 2024-11-21T02:10:39.940

Link: CVE-2014-4660

cve-icon Redhat

No data.