Salt uses weak permissions on the cache data

GHSA-6prw-8xhm-h247 · CVE-2015-8034 · PYSEC-2017-32

Published May 17, 2022 · Modified Oct 21, 2024

Description

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-8034
WEB https://github.com/saltstack/salt/issues/28455
WEB https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html
WEB https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-32.yaml
PACKAGE https://github.com/saltstack/salt
WEB https://web.archive.org/web/20200227192308/http://www.securityfocus.com/bid/96390

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes