Описание
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| salt | fixed | 2015.8.3+ds-1 | package | |
| salt | no-dsa | jessie | package |
Примечания
For jessie: /var/cache/salt/minion is created with restricted permissions on
first start of salt-minion in verify_env mitigating the issue, cf.
https://sources.debian.org/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207
https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741
https://github.com/saltstack/salt/issues/28455
EPSS
Связанные уязвимости
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
EPSS