CVE-2017-8109

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-8109

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8109.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-8109

Aliases

Related

Published

2017-04-25T17:59:00Z

Modified

2025-04-20T04:06:33.066847Z

Downstream

SUSE-SU-2017:1582-1

SUSE-SU-2017:1581-1

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type: GIT
Repo: https://github.com/saltstack/salt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

40f72db53e2b22e7ef88e1e150caedfdf10772f1

Last affected

4c40525554a0400083ee40f2edfb0d41433bdf0a

Last affected

52276d37a18277447fdc4150347845dd872734c7

Last affected

ec59ae67c82e2bc63e16b05d95492a0756257207

Last affected

f44724cca5147595557cba04ff215ee31c35fe73

Last affected

f7294dc85bdd975022f53cfb241877059208f82b

Last affected

f76dc0f9c06dd0690447a31544b7bd1fe7f5765a

Affected versions

old-branch-2014.*

old-branch-2014.7

old-branch-2015.*

old-branch-2015.5

old-branch-2015.8

v0.*

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16

v0.17

v0.6.0

v0.7.0

v0.8.0

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v2014.*

v2014.1

v2014.7

v2014.7.0

v2014.7.0rc1

v2014.7.0rc2

v2014.7.0rc3

v2014.7.0rc4

v2014.7.0rc5

v2014.7.0rc6

v2014.7.0rc7

v2014.7.1

v2014.7.2

v2014.7.3

v2014.7.4

v2014.7.5

v2014.7.6

v2014.7.7

v2014.7.8

v2014.7.9

v2015.*

v2015.2

v2015.2.0rc1

v2015.2.0rc2

v2015.5

v2015.5.0

v2015.5.1

v2015.5.11

v2015.5.2

v2015.5.3

v2015.5.4

v2015.5.5

v2015.5.6

v2015.5.7

v2015.5.8

v2015.5.9

v2015.8

v2015.8.0

v2015.8.0rc1

v2015.8.0rc2

v2015.8.0rc3

v2015.8.0rc4

v2015.8.0rc5

v2015.8.1

v2015.8.11

v2015.8.12

v2015.8.13

v2015.8.2

v2015.8.3

v2015.8.4

v2015.8.8

v2015.8.9

v2016.*

v2016.11

v2016.11.0

v2016.11.0rc1

v2016.11.0rc2

v2016.11.1

v2016.11.2

v2016.11.3

v2016.3

v2016.3.0

v2016.3.0rc0

v2016.3.0rc1

v2016.3.0rc2

v2016.3.0rc3

v2016.3.1

v2016.3.2

v2016.3.3

v2016.3.4

v2016.3.5

v2016.9