Information Disclosure: Ansible Config Exposure

Identifier: ansible_config_exposure

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

When Ansible configuration files are left publicly accessible, they can reveal sensitive details about how your systems are configured and may even include credentials. This happens when default settings or misconfigurations expose these files outside a secure environment, making them an easy target for attackers. With this information, someone could potentially access internal systems, disrupt operations, or escalate their privileges. Many developers inadvertently expose these files by not properly securing the directories where they're stored, so it's important to always ensure access controls are correctly set.
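A local audit for the condition described above, as an added example that is not part of the scanner or of the original page: it walks a web document root, flags any Ansible config file found there, and reports whether it is world-readable and which credential-related options it sets. The function names, the file names checked, the option list and the sample web root are assumptions made for this example.

```python
import configparser
import os
import stat
import tempfile

# ansible.cfg options that name a user or point at credential material.
SENSITIVE_KEYS = {"vault_password_file", "private_key_file", "remote_user"}
CONFIG_NAMES = {"ansible.cfg", ".ansible.cfg"}  # names checked (assumption)


def audit_web_root(web_root):
    """Return one finding per Ansible config file found under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in sorted(CONFIG_NAMES.intersection(files)):
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            parser = configparser.ConfigParser(interpolation=None, strict=False)
            try:
                parser.read(path)
            except configparser.Error:
                pass  # a malformed file is still exposed; report it anyway
            keys = sorted(f"{sec}.{key}" for sec in parser.sections()
                          for key in parser[sec] if key in SENSITIVE_KEYS)
            findings.append({
                "path": os.path.relpath(path, web_root),
                "world_readable": bool(mode & stat.S_IROTH),
                "sensitive_keys": keys,
            })
    return findings


def build_sample_root():
    """Constructed sample: a web root with a stray ansible.cfg in a subfolder."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "deploy"))
    cfg = os.path.join(root, "deploy", "ansible.cfg")
    with open(cfg, "w") as fh:
        fh.write("[defaults]\nremote_user = deploy\n"
                 "vault_password_file = /opt/app/.vault_pass\n"
                 "inventory = ./hosts\n")
    os.chmod(cfg, 0o644)
    return root


if __name__ == "__main__":
    for finding in audit_web_root(build_sample_root()):
        print(finding)
```

Any finding means the file sits inside a served directory and should be moved out of it or denied by the web server, regardless of which options it contains.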

Configuration

Example

Example configuration:

---
security_tests:
  ansible_config_exposure:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.