CVE-2017-8109
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-8109
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8109.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-8109
- Aliases
- Related
- Published
- 2017-04-25T17:59:00Z
- Modified
- 2025-04-20T04:06:33.066847Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
- References
-
- http://www.securityfocus.com/bid/98095
- https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html
- https://bugzilla.suse.com/show_bug.cgi?id=1035912
- https://github.com/saltstack/salt/issues/40075
- https://github.com/saltstack/salt/pull/40609
- https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658
Affected packages
Git / github.com/saltstack/salt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/saltstack/salt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
old-branch-2014.*
old-branch-2014.7
old-branch-2015.*
old-branch-2015.5
old-branch-2015.8
v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16
v0.17
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v2014.*
v2014.1
v2014.7
v2014.7.0
v2014.7.0rc1
v2014.7.0rc2
v2014.7.0rc3
v2014.7.0rc4
v2014.7.0rc5
v2014.7.0rc6
v2014.7.0rc7
v2014.7.1
v2014.7.2
v2014.7.3
v2014.7.4
v2014.7.5
v2014.7.6
v2014.7.7
v2014.7.8
v2014.7.9
v2015.*
v2015.2
v2015.2.0rc1
v2015.2.0rc2
v2015.5
v2015.5.0
v2015.5.1
v2015.5.11
v2015.5.2
v2015.5.3
v2015.5.4
v2015.5.5
v2015.5.6
v2015.5.7
v2015.5.8
v2015.5.9
v2015.8
v2015.8.0
v2015.8.0rc1
v2015.8.0rc2
v2015.8.0rc3
v2015.8.0rc4
v2015.8.0rc5
v2015.8.1
v2015.8.11
v2015.8.12
v2015.8.13
v2015.8.2
v2015.8.3
v2015.8.4
v2015.8.8
v2015.8.9
v2016.*
v2016.11
v2016.11.0
v2016.11.0rc1
v2016.11.0rc2
v2016.11.1
v2016.11.2
v2016.11.3
v2016.3
v2016.3.0
v2016.3.0rc0
v2016.3.0rc1
v2016.3.0rc2
v2016.3.0rc3
v2016.3.1
v2016.3.2
v2016.3.3
v2016.3.4
v2016.3.5
v2016.9