CVE-2014-4660

Name: CVE-2014-4660
Creator: NVD / NIST
Published: 2020-02-20T03:15:10.653+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.38%

Last modified Jun 17, 2026

CVE-2014-4660 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.

Description

Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.38%

29.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-522

Affected Software

Vendor	Product	Versions
Redhat	Ansible	< 1.5.5

References

https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.mdRelease Notes
https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08Patch
https://security-tracker.debian.org/tracker/CVE-2014-4660Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2014/06/26/19Mailing List, Patch, Third Party Advisory
https://www.securityfocus.com/bid/68231Third Party Advisory, VDB Entry
https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.mdRelease Notes
https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08Patch
https://security-tracker.debian.org/tracker/CVE-2014-4660Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2014/06/26/19Mailing List, Patch, Third Party Advisory
https://www.securityfocus.com/bid/68231Third Party Advisory, VDB Entry

Timeline

Published: Feb 20, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-4660?

How severe is CVE-2014-4660?

CVE-2014-4660 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.

How do I fix CVE-2014-4660?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-4660?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST