Описание
Salt allows deleted minions to read or write to minions with the same id
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-9639
- https://docs.saltproject.io/en/latest/topics/releases/2015.8.11.html#new-master-configuration-parameter
- https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key
- https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-34.yaml
- https://web.archive.org/web/20200227212146/http://www.securityfocus.com/bid/94553
- http://www.openwall.com/lists/oss-security/2016/11/25/2
- http://www.openwall.com/lists/oss-security/2016/11/25/3
Пакеты
Наименование
salt
pip
Затронутые версииВерсия исправления
< 2015.8.11
2015.8.11
Связанные уязвимости
CVSS3: 9.1
ubuntu
около 9 лет назад
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVSS3: 5.3
redhat
около 9 лет назад
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVSS3: 9.1
nvd
около 9 лет назад
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVSS3: 9.1
debian
около 9 лет назад
Salt before 2015.8.11 allows deleted minions to read or write to minio ...
