4 matches found
SaltStack Salt Information Exposure
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions clients...
PYSEC-2017-82
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions clients...
CVE-2017-8109
Removed by vendor...
CVE-2017-8109
The CVE-2017-8109 entry concerns SaltStack Salt 2016.11 before 2016.11.4, where the salt-ssh minion copied configuration from the Salt Master without adjusting permissions, potentially leaking credentials to local attackers on configured minions. Public writeups in the connected docs confirm the ...