CVE-2017-8109

high

Description

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

References

https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658

https://github.com/saltstack/salt/pull/40609

https://github.com/saltstack/salt/issues/40075

https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html

https://bugzilla.suse.com/show_bug.cgi?id=1035912

http://www.securityfocus.com/bid/98095

Details

Source: Mitre, NVD

Published: 2017-04-25

Updated: 2017-05-05

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics