PT-2017-18121 · Saltstack+2 · Saltstack Salt+2
Msmeissn
·
Publicado
2017-04-07
·
Atualizado
2022-05-17
·
CVE-2017-8109
CVSS v4.0
8.5
Alta
| Vetor | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
SaltStack Salt versions 2016.11 through 2016.11.3
Description
The issue concerns the salt-ssh minion code, which copies configuration from the Salt Master without adjusting permissions. This might lead to credentials being leaked to local attackers on configured minions.
Recommendations
For SaltStack Salt versions 2016.11 through 2016.11.3, update to version 2016.11.4 or later to resolve the issue.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Saltstack Salt
Suse