← back
CVE-2017-8109

CVE-2017-8109

EPSS 0.4%
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.suse.com/show_bug.cgi?id=1035912https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.htmlhttps://github.com/saltstack/salt/issues/40075https://github.com/saltstack/salt/pull/40609https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658http://www.securityfocus.com/bid/98095