Security Test: Ansible Config Exposure¶
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description¶
Default Severity:
When Ansible configuration files are left accessible to the public, they can reveal sensitive details about how your systems are configured and even include credentials. This happens when default settings or misconfigurations expose these files outside a secure environment, making them an easy target for attackers. With this information, someone could potentially access internal systems, disrupt operations, or escalate their privileges. Many developers inadvertently expose these files by not properly securing the directories where they’re stored, so it’s important to always ensure access controls are correctly set.
Configuration¶
Identifier:
information_disclosure/ansible_config_exposure
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 2.2.2 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.12.6 |
| NIST | SP800-123 |
| FedRAMP | AC-6 |
| CWE | 200 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVSS Score | 2.0 |