Information disclosure in Salt - CVE-2017-8109
Published: April 25, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU39104
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8109
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: SaltStack
Affected software:
Salt
Salt
Detailed vulnerability description
The vulnerability allows a local authenticated user to execute arbitrary code.
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
How to mitigate CVE-2017-8109
Install update from vendor's website.
Sources
- http://www.securityfocus.com/bid/98095
- https://bugzilla.suse.com/show_bug.cgi?id=1035912
- https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html
- https://github.com/saltstack/salt/issues/40075
- https://github.com/saltstack/salt/pull/40609
- https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658