What is CVE-2017-8109?

CVE-2017-8109 is a high-severity vulnerability in Saltstack Salt, classified under Information Disclosure. CVSS score: 7.8/10. Published 2017-04-25.

How severe is CVE-2017-8109?

High severity. CVSS v3 base score is 7.8 out of 10.

Information disclosure in Saltstack Salt

CVE-2017-8109

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

Vulnerability class: Information Disclosure

EPSS: 0.000 (15.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Saltstack Salt — versions 2016.11, 2016.11.0, 2016.11.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
cve@mitre.org (x_refsource_CONFIRM, Patch, Issue Tracking)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Patch, Release Notes, Vendor Advisory)

Frequently asked questions

What is CVE-2017-8109?: CVE-2017-8109 is a high-severity vulnerability in Saltstack Salt, classified under Information Disclosure. CVSS score: 7.8/10. Published 2017-04-25.
How severe is CVE-2017-8109?: High severity. CVSS v3 base score is 7.8 out of 10.