Ansible prior to 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb user:pass@server:port/" format.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat ansible |