Home > Vulnerability Database > CVE-2015-8034

Mend.io Vulnerability Database

CVE-2015-8034

Good to know:

Date: January 30, 2017

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.

Severity Score

3.3

Related Resources (8)

Url: http://www.securityfocus.com/bid/96390

Url: https://github.com/saltstack/salt

Url: https://github.com/saltstack/salt/issues/28455

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-8034

Url: https://web.archive.org/web/20200227192308/http://www.securityfocus.com/bid/96390

Url: https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-32.yaml

Url: https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-8034

Severity Score

3.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version salt - 2015.8.3

Learn More

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-8034

Good to know:

Date: January 30, 2017

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?