Описание
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.2 | calamari-server | Will not fix | ||
| Red Hat Ceph Storage 1.2 | salt | Will not fix | ||
| Red Hat Ceph Storage 1.3 | calamari-server | Will not fix | ||
| Red Hat Ceph Storage 1.3 | salt | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1289109salt: Information leak from state.sls cache data stored as world-readable
EPSS
Процентиль: 10%
0.00035
Низкий
4 Medium
CVSS2
Связанные уязвимости
CVSS3: 3.3
ubuntu
около 9 лет назад
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVSS3: 3.3
nvd
около 9 лет назад
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVSS3: 3.3
debian
около 9 лет назад
The state.sls function in Salt before 2015.8.3 uses weak permissions o ...
EPSS
Процентиль: 10%
0.00035
Низкий
4 Medium
CVSS2