3 matches found
DEBIAN-CVE-2014-4660
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb...
CVE-2014-4660
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb...
CVE-2014-4660
CVE-2014-4660 affects Ansible before 1.5.5. The issue arises because the build of filenames uses user and password fields from sources.list (deb http://user:pass@server:port/), which can let a local user disclose sensitive credentials through the presence of such a filename. The connected advisor...