PT-2017-18121 · Saltstack+2 · Saltstack Salt+2

Msmeissn

Published

2017-04-07

Updated

2022-05-17

CVE-2017-8109

CVSS v4.0

8.5

High

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions SaltStack Salt versions 2016.11 through 2016.11.3

Description The issue concerns the salt-ssh minion code, which copies configuration from the Salt Master without adjusting permissions. This might lead to credentials being leaked to local attackers on configured minions.

Recommendations For SaltStack Salt versions 2016.11 through 2016.11.3, update to version 2016.11.4 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2017-1436

CVE-2017-8109

GHSA-XCX4-5WQ7-G5G7

PYSEC-2017-82

SUSE-SU-2017:1581-1

SUSE-SU-2017:1582-1

Affected Products

Alt Linux

Saltstack Salt

Suse

PT-2017-18121 · Saltstack+2 · Saltstack Salt+2

CVE-2017-8109

Weakness Enumeration

Related Identifiers

Affected Products

References · 41