CVE-2015-8034

LOW3.3EPSS 0.03%

Salt uses weak permissions on the cache data

發布日:2022/5/17修改日:2024/10/21

也稱為:GHSA-6prw-8xhm-h247PYSEC-2017-32

描述

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.

受影響套件(2)

PyPI/saltfrom 0, < 2015.8.3
PyPI/saltfrom 0, < 2015.8.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	LOW3.3	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-8034
PATCHhttps://github.com/saltstack/salt
WEBhttps://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-32.yaml
WEBhttps://github.com/saltstack/salt/issues/28455
WEBhttps://web.archive.org/web/20200227192308/http://www.securityfocus.com/bid/96390
WEBhttp://www.securityfocus.com/bid/96390