← Volver a CVEs
CVE-2017-8109
N/ADescripcion
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado4/25/2017
Ultima modificacion4/20/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
saltstack:salt
Debilidades (CWE)
CWE-200
Referencias
http://www.securityfocus.com/bid/98095(cve@mitre.org)
https://bugzilla.suse.com/show_bug.cgi?id=1035912(cve@mitre.org)
https://github.com/saltstack/salt/issues/40075(cve@mitre.org)
https://github.com/saltstack/salt/pull/40609(cve@mitre.org)
https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658(cve@mitre.org)
http://www.securityfocus.com/bid/98095(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.suse.com/show_bug.cgi?id=1035912(af854a3a-2127-422b-91ae-364da2661108)
https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/saltstack/salt/issues/40075(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/saltstack/salt/pull/40609(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.