CVE-2015-4017

Name of the Vulnerable Software and Affected Versions Salt versions prior to 2014.7.6

Description The issue is related to the lack of certificate verification when connecting via certain modules. Specifically, the aliyun, proxmox, and splunk modules do not verify certificates. This could potentially lead to security risks.

Recommendations For versions prior to 2014.7.6, update to version 2014.7.6 or later to resolve the issue. As a temporary workaround, consider disabling the use of the aliyun, proxmox, and splunk modules until a patch is applied. Restrict access to these modules to minimize the risk of exploitation.