CVE-2017-8109

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
saltstacksalt
2016.11
saltstacksalt
2016.11.0
saltstacksalt
2016.11.0:rc1
saltstacksalt
2016.11.0:rc2
saltstacksalt
2016.11.1
saltstacksalt
2016.11.2
saltstacksalt
2016.11.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
salt
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
not-affected
trusty
not-affected
precise
dne
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98095
https://bugzilla.suse.com/show_bug.cgi?id=1035912
https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html
https://github.com/saltstack/salt/issues/40075
https://github.com/saltstack/salt/pull/40609
https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658
http://www.securityfocus.com/bid/98095
https://bugzilla.suse.com/show_bug.cgi?id=1035912
https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html
https://github.com/saltstack/salt/issues/40075
https://github.com/saltstack/salt/pull/40609
https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658