CVE-2017-8109
https://notcve.org/view.php?id=CVE-2017-8109
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
• http://www.securityfocus.com/bid/98095
• https://bugzilla.suse.com/show_bug.cgi?id=1035912
• https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html
• https://github.com/saltstack/salt/issues/40075
• https://github.com/saltstack/salt/pull/40609
• https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-1838
https://notcve.org/view.php?id=CVE-2015-1838
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1212784
• https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
• https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
• CWE-19: Data Processing Errors
CVE-2015-1839
https://notcve.org/view.php?id=CVE-2015-1839
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1212788
• https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
• https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c
• https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81
• CWE-19: Data Processing Errors
CVE-2016-9639
https://notcve.org/view.php?id=CVE-2016-9639
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
• http://www.openwall.com/lists/oss-security/2016/11/25/2
• http://www.openwall.com/lists/oss-security/2016/11/25/3
• http://www.securityfocus.com/bid/94553
• https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key
• CWE-284: Improper Access Control
CVE-2016-3176
https://notcve.org/view.php?id=CVE-2016-3176
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
• https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html
• https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html
• CWE-287: Improper Authentication