CVE-2015-8034 – salt

Package

Manager: pip
Name: salt
Vulnerable Version: >=0 <2015.8.3

Severity

Level: Low

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00035 pctl0.08515

Details

Salt uses weak permissions on the cache data The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.

Metadata

Created: 2022-05-17T02:57:25Z
Modified: 2024-10-21T21:55:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6prw-8xhm-h247/GHSA-6prw-8xhm-h247.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-6prw-8xhm-h247
Finding: F310
Auto approve: 1