Search for vulnerabilities
Vulnerability details: VCID-jag6-jqhh-aaab
Vulnerability ID VCID-jag6-jqhh-aaab
Aliases CVE-2014-4659
GHSA-6667-f46p-pg88
PYSEC-2020-201
Summary Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-522 Insufficiently Protected Credentials
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4659.html
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4659.json
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2014-4659
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1831254
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4659
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-6667-f46p-pg88
cvssv3.1 5.5 https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
generic_textual MODERATE https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
cvssv3.1 5.5 https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
generic_textual MODERATE https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
cvssv3.1 5.5 https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
generic_textual MODERATE https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
cvssv3.1 5.5 https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-201.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-201.yaml
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2014-4659
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2014-4659
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2014-4659
cvssv3.1 5.5 https://web.archive.org/web/20200229060001/https://www.securityfocus.com/bid/68234
generic_textual MODERATE https://web.archive.org/web/20200229060001/https://www.securityfocus.com/bid/68234
generic_textual Medium http://www.openwall.com/lists/oss-security/2014/06/26/19
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4659.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4659.json
https://api.first.org/data/v1/epss?cve=CVE-2014-4659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4659
https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-201.yaml
https://web.archive.org/web/20200229060001/https://www.securityfocus.com/bid/68234
https://www.securityfocus.com/bid/68234
http://www.openwall.com/lists/oss-security/2014/06/26/19
1831254 https://bugzilla.redhat.com/show_bug.cgi?id=1831254
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
CVE-2014-4659 https://nvd.nist.gov/vuln/detail/CVE-2014-4659
GHSA-6667-f46p-pg88 https://github.com/advisories/GHSA-6667-f46p-pg88
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4659.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-201.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-4659
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-4659
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-4659
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://web.archive.org/web/20200229060001/https://www.securityfocus.com/bid/68234
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.05128
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.