CVE-2014-4658: Security fix for vault

February 20, 2020 (updated February 25, 2020)

The vault subsystem in Ansible does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

References

github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
nvd.nist.gov/vuln/detail/CVE-2014-4658
www.securityfocus.com/bid/68233

Detect and mitigate CVE-2014-4658 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →