CVE-2014-4659: 
Ansible vulnerability analysis and mitigation

Ansible before version 1.5.5 contains a security vulnerability where it sets 0644 permissions for sources.list file. This vulnerability was discovered and fixed in April 2014, affecting all versions of Ansible prior to 1.5.5. The issue impacts systems where Ansible is used to manage package repositories (Ansible Changelog, NVD).

The vulnerability is characterized by improper file permissions being set on the sources.list file, with a CVSS v3.1 Base Score of 5.5 (MEDIUM) and vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The issue specifically involves Ansible setting permissions of 0644 (readable by all users) on the sources.list file, which could contain sensitive credential information (NVD).

The vulnerability might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the 'deb http://user:pass@server:port/' format. This could lead to unauthorized access to package repositories and potential exposure of authentication credentials (NVD).

The vulnerability was fixed in Ansible version 1.5.5. The fix includes security patches relating to filename/mode upon sources list file creation. Users should upgrade to Ansible 1.5.5 or later to address this security issue (Ansible Changelog).