exploitDog

CVE-2017-8109

Опубликовано: 25 апр. 2017

Источник: debian

Описание

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
salt	fixed	2016.11.5+ds-1		package
salt	fixed	2016.11.2+ds-1+deb9u2	stretch	package
salt	not-affected		jessie	package

Примечания

https://github.com/saltstack/salt/issues/40075
https://github.com/saltstack/salt/pull/40609
https://github.com/saltstack/salt/commit/8492cef7a5c8871a3978ffc2f6e48b3b960e0151

Связанные уязвимости

CVE-2017-8109

CVSS3: 7.8

ubuntu

почти 9 лет назад

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

CVE-2017-8109

CVSS3: 5.5

redhat

почти 9 лет назад

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

CVE-2017-8109

CVSS3: 7.8

nvd

почти 9 лет назад

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

GHSA-xcx4-5wq7-g5g7

CVSS3: 7.8

github

больше 3 лет назад

SaltStack Salt Information Exposure

SUSE-SU-2017:1582-1

suse-cvrf

больше 8 лет назад

Security update for Salt