Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2017-8109

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

  • Published: Apr 25, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-8109
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Low
  • Score: 2.1
  • AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
saltstack / salt 2016.11.2 2016.11.2.x
saltstack / salt 2016.11.1 2016.11.1.x
saltstack / salt 2016.11.0 2016.11.0.x
saltstack / salt 2016.11.0-rc2 2016.11.0-rc2.x
saltstack / salt 2016.11 2016.11.x
saltstack / salt 2016.11.3 2016.11.3.x
saltstack / salt 2016.11.0-rc1 2016.11.0-rc1.x