{"id":"PYSEC-2020-201","details":"Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the \"deb http://user:pass@server:port/\" format.","aliases":["CVE-2014-4659","GHSA-6667-f46p-pg88"],"modified":"2024-01-31T00:26:29.458521Z","published":"2020-02-20T15:15:00Z","references":[{"type":"WEB","url":"https://www.securityfocus.com/bid/68234"},{"type":"WEB","url":"https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md"}],"affected":[{"package":{"name":"ansible","ecosystem":"PyPI","purl":"pkg:pypi/ansible"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.5"}]}],"versions":["1.0","1.1","1.2","1.2.1","1.2.2","1.2.3","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.4","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.5","1.5.1","1.5.2","1.5.3","1.5.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2020-201.yaml"}}],"schema_version":"1.7.3"}