Lucene search

[email protected]CVE-2015-6918

HistoryOct 10, 2017 - 4:29 p.m.

CVE-2015-6918

2017-10-1016:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cve

salt

nvd

security

git

username

password

leak

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

25.0%

JSON

salt before 2015.5.5 leaks git usernames and passwords to the log.

CPENameOperatorVersion
saltstack:salt_2015saltstack salt 2015le5.4

CPE	Name	Operator	Version
saltstack:salt_2015	saltstack salt 2015	le	5.4

References

bugzilla.redhat.com/show_bug.cgi?id=1257154

github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for CVE-2015-6918

debiancve1 osv2 ubuntucve1 veracode1 cvelist1 github1 prion1 freebsd1 nessus2 openvas1 ubuntu1