Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close


Published: 20 February 2020

The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.

From the Ubuntu Security Team

It was discovered that Ansible did not properly set permissions upon creation or modification of a vault file. A local attacker could use this to obtain sensitive information.



Cvss 3 Severity Score


Score breakdown


Package Release Status
Launchpad, Ubuntu, Debian
artful Not vulnerable
bionic Not vulnerable
cosmic Not vulnerable
disco Not vulnerable
eoan Not vulnerable
focal Not vulnerable
groovy Not vulnerable
hirsute Not vulnerable
impish Not vulnerable
jammy Not vulnerable
lucid Does not exist

precise Does not exist

saucy Ignored
(end of life)
Released (1.5.4+dfsg-1ubuntu0.1~esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
Released (1.5.5+dfsg-1)
utopic Not vulnerable
vivid Not vulnerable
wily Not vulnerable
xenial Not vulnerable
yakkety Not vulnerable
zesty Not vulnerable

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N