CVE-2017-8109 – salt

Package

Manager: pip
Name: salt
Vulnerable Version: >=2016.11 <2016.11.4

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00047 pctl0.13952

Details

SaltStack Salt Information Exposure The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

Metadata

Created: 2022-05-17T02:46:54Z
Modified: 2024-10-26T22:34:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xcx4-5wq7-g5g7/GHSA-xcx4-5wq7-g5g7.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-xcx4-5wq7-g5g7
Finding: F038
Auto approve: 1