HIGH 7.5 PyPI
Salt vulnerable to Improper Certificate Validation
GHSA-8j9g-c9rp-jvg4 · CVE-2015-4017 · PYSEC-2017-31
Published · Modified
Description
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-4017
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1222960
- WEB https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-31.yaml
- PACKAGE https://github.com/saltstack/salt
- WEB https://groups.google.com/forum/#!topic/salt-users/8Kv1bytGD6c
- WEB http://www.openwall.com/lists/oss-security/2015/05/19/2
Ready to move
Start Securing
Free, no credit card | First findings in minutes