CVE-2017-8109 salt

Metadata

low
2.1
salt
CVE-2017-8109
2017-09-30 17:03
CVE-2017-8109
2017-06-19 23:03
2017-06-18 07:51
2017-06-16 19:22
2017-05-26 23:03
2017-05-07 05:03
2017-05-04 05:03
2017-05-01 11:03
2017-04-27 05:03
2017-04-26 07:03

Description

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
sid salt 2016.11.5+ds-1
stretch salt None

Unaffected

Release Package Reason
jessie salt