Описание
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Отчет
This issue did not affect the versions of the salt as shipped with Red Hat Ceph Storage 1.3, Red Hat Ceph Storage 2, and Red Hat Storage Console 2 as salt-ssh is not used with these products.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.3 | salt | Not affected | ||
| Red Hat Ceph Storage 2 | salt | Not affected | ||
| Red Hat Storage Console 2 | salt | Not affected |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 co ...
5.5 Medium
CVSS3