CVE-2015-8034

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Salt versions prior to 2015.8.3

Description The issue concerns the state.sls function in Salt, which uses weak permissions on the cache data. This allows local users to obtain sensitive information by reading the file.

Recommendations For versions prior to 2015.8.3, update to version 2015.8.3 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2016-1175

CVE-2015-8034

GHSA-6PRW-8XHM-H247

PYSEC-2017-32

SUSE-SU-2016:1895-1

SUSE-SU-2016:1896-1

SUSE-SU-2016:1897-1

USN-8153-1

Affected Products

Alt Linux

Salt

Ubuntu

CVE-2015-8034

Weakness Enumeration

Related Identifiers

Affected Products

References · 24