CVE-2017-8109

Metadata

low
2.1
salt
CVE-2017-8109
cve.mitre.org, github.com, github.com, github.com, bugzilla.suse.com, docs.saltstack.com, github.com, bugs.debian.org
2017-04-25
2017-10-23 14:23
CVE-2017-8109 salt
2017-07-20 21:33
2017-06-16 19:22
2017-05-10 23:52
2017-05-03 21:03
2017-04-27 20:03

Description

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
artful salt None
devel salt None
trusty salt None
xenial salt None
zesty salt None

Unaffected

Release Package Reason
precise salt DNE
precise/esm salt DNE
vivid/stable-phone-overlay salt DNE
vivid/ubuntu-core salt DNE
yakkety salt ignored

Needs Triage

Release Package Reason
upstream salt needs-triage