Home > Vulnerability Database > CVE-2017-8109

Mend.io Vulnerability Database

CVE-2017-8109

Good to know:

Date: April 25, 2017

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

Language: Python

Severity Score

7.8

Related Resources (10)

Url: https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-82.yaml

Url: https://bugzilla.suse.com/show_bug.cgi?id=1035912

Url: http://www.securityfocus.com/bid/98095

Url: https://github.com/saltstack/salt/pull/40609

Url: https://github.com/saltstack/salt/issues/40075

Url: https://github.com/saltstack/salt

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-8109

Url: https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658

Url: https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html

Url: https://www.mend.io/vulnerability-database/CVE-2017-8109

Severity Score

7.8

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version salt - 2016.11.4

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-8109

Good to know:

Date: April 25, 2017

Language: Python

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?