CVE-2017-8109
HIGH 7.8 | EPSS 0.05% | SaltStack Salt Information Exposure
Published: 2022/5/17 | Modified: 2024/10/26
Description
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Affected packages (2)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-8109
- PATCH: https://github.com/saltstack/salt
- WEB: https://bugzilla.suse.com/show_bug.cgi?id=1035912
- WEB: https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-82.yaml
- WEB: https://github.com/saltstack/salt/issues/40075
- WEB: https://github.com/saltstack/salt/pull/40609
- WEB: https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658
- WEB: http://www.securityfocus.com/bid/98095