Candidate: CVE-2014-4658
PublicDate: 2020-02-20 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4658
 http://www.openwall.com/lists/oss-security/2014/06/26/19
Description:
 The vault subsystem in Ansible before 1.5.5 does not set the umask before
 creation or modification of a vault file, which allows local users to
 obtain sensitive key information by reading a file.
Ubuntu-Description:
 It was discovered that Ansible did not properly set permissions upon creation
 or modification of a vault file. A local attacker could use this to obtain
 sensitive information.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]

Patches_ansible:
 upstream: https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
upstream_ansible: released (1.5.5+dfsg-1)
lucid_ansible: DNE
precise_ansible: DNE
precise/esm_ansible: DNE
saucy_ansible: ignored (reached end-of-life)
trusty_ansible: ignored (out of standard support)
trusty/esm_ansible: released (1.5.4+dfsg-1ubuntu0.1~esm2)
utopic_ansible: not-affected (1.6.5+dfsg-1)
vivid_ansible: not-affected (1.6.5+dfsg-1)
vivid/stable-phone-overlay_ansible: DNE
vivid/ubuntu-core_ansible: DNE
wily_ansible: not-affected (1.6.5+dfsg-1)
xenial_ansible: not-affected (1.6.5+dfsg-1)
yakkety_ansible: not-affected (1.6.5+dfsg-1)
zesty_ansible: not-affected (1.6.5+dfsg-1)
artful_ansible: not-affected (1.6.5+dfsg-1)
bionic_ansible: not-affected (1.6.5+dfsg-1)
cosmic_ansible: not-affected (1.6.5+dfsg-1)
disco_ansible: not-affected (1.6.5+dfsg-1)
eoan_ansible: not-affected (1.6.5+dfsg-1)
focal_ansible: not-affected (1.6.5+dfsg-1)
groovy_ansible: not-affected (1.6.5+dfsg-1)
hirsute_ansible: not-affected (1.6.5+dfsg-1)
impish_ansible: not-affected (1.6.5+dfsg-1)
jammy_ansible: not-affected (1.6.5+dfsg-1)
devel_ansible: not-affected (1.6.5+dfsg-1)