—

PYSEC-2020-201

상세

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / ansible

최초 영향 버전: 0 수정 버전: 1.5.5

수정 pip install --upgrade 'ansible>=1.5.5'

참고

https://www.securityfocus.com/bid/68234 [WEB]
https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md [WEB]