CVE-2014-4658: Ansible Sensitive Files Are Locally Readable
CVSS Score: 5.5 (CVSS 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.31768%
CWE
Published: 5/17/2022
Updated: 9/5/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
ansible | pip | < 1.5.5 | 1.5.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from missing umask restrictions in vault file operations. The GitHub commit a0e027f explicitly adds umask(0077) calls in these two functions to fix the issue. The pre-patch code lacked these protections, leaving file creation/modification vulnerable to permission leaks. Both functions directly handle vault file I/O without proper permission constraints in vulnerable versions, matching the CVE description of insecure umask handling.
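The effect of the missing umask call can be reproduced in a few lines. The following is an added illustration, not Ansible's code or the code from the commit: the function names, file names and the 0o022 starting umask are assumptions chosen to show a file created with the inherited umask next to one created under umask(0o077).

```python
import os
import stat
import tempfile

def write_with_inherited_umask(path, data):
    """Pre-patch pattern: mode is 0o666 masked by whatever umask the caller has."""
    with open(path, "wb") as f:
        f.write(data)

def write_with_restrictive_umask(path, data):
    """Patched pattern: umask(0o077) around creation, so only the owner gets access."""
    old = os.umask(0o077)  # process-wide setting; restore it afterwards
    try:
        with open(path, "wb") as f:
            f.write(data)
    finally:
        os.umask(old)

def exposed_bits(path):
    """Return the group/other permission bits set on path (0 means owner-only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO)

def demo():
    """Create one file each way under a 0o022 umask and report modes and exposure."""
    saved = os.umask(0o022)  # assumption: a common default on multi-user systems
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = os.path.join(d, "vault_weak.yml")   # hypothetical file names
            safe = os.path.join(d, "vault_safe.yml")
            write_with_inherited_umask(weak, b"constructed secret\n")
            write_with_restrictive_umask(safe, b"constructed secret\n")
            weak_mode = stat.S_IMODE(os.stat(weak).st_mode)
            safe_mode = stat.S_IMODE(os.stat(safe).st_mode)
            return weak_mode, safe_mode, exposed_bits(weak), exposed_bits(safe)
    finally:
        os.umask(saved)

if __name__ == "__main__":
    weak_mode, safe_mode, weak_exp, safe_exp = demo()
    print(f"inherited umask: mode {weak_mode:04o}, group/other bits {weak_exp:03o}")
    print(f"umask(0o077):    mode {safe_mode:04o}, group/other bits {safe_exp:03o}")
```

umask applies only when a file is created, so a file that already exists with loose permissions keeps them; `exposed_bits` can be run over existing vault files to find those.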