Miggo Logo
Miggo Vulnerability Database
CVE-2014-4658

CVE-2014-4658: Ansible Sensitive Files Are Locally Readable

5.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2014-4658
GHSA ID
GHSA-5g4v-2pc6-4hh4
EPSS Score
0.31768%
CWE
CWE-200
Published
5/17/2022
Updated
9/5/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
ansiblepip< 1.5.51.5.5

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from missing umask restrictions in vault file operations. The GitHub commit a0e027f explicitly adds umask(0077) calls in these two functions to fix the issue. The pre-patch code lacked these protections, leaving file creation/modification vulnerable to permission leaks. Both functions directly handle vault file I/O without proper permission constraints in vulnerable versions, matching the CVE description of insecure umask handling.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** v*ult su*syst*m in *nsi*l* ***or* *.*.* *o*s not s*t t** um*sk ***or* *r**tion or mo*i*i**tion o* * v*ult *il*, w*i** *llows lo**l us*rs to o*t*in s*nsitiv* k*y in*orm*tion *y r***in* * *il*.

Reasoning

T** vuln*r**ility st*ms *rom missin* um*sk r*stri*tions in v*ult *il* op*r*tions. T** *it*u* *ommit ******* *xpli*itly ***s `um*sk(****)` **lls in t**s* two *un*tions to *ix t** issu*. T** pr*-p*t** *o** l**k** t**s* prot**tions, l**vin* *il* *r**tio