ansible-config-disclosure: Ansible Configuration Page - Detect

日期: 2025-08-01 | 影响软件: ansible | POC: 已公开

漏洞描述

Ansible configuration page was detected.

PoC代码[已公开]

id: ansible-config-disclosure

info:
  name: Ansible Configuration Page - Detect
  author: pdteam
  severity: medium
  description: Ansible configuration page was detected.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    max-request: 1
  tags: config,exposure,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/ansible.cfg'

    matchers:
      - type: word
        words:
          - '[defaults]'
          - '[inventory]'
        condition: and
# digest: 490a00463044022002fffb17510f97df127622eb2c38aa569b61161732371c5ae36f6396802d861602203a29add3e3b4e70dc2b4c98f64f101b9377ff86d14d9fe2beb0a9c0d8ac489d5:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/configs/ansible-config-disclosure.yaml

相关漏洞推荐