Saltstack Salt 2015.8.2 weak Obtain Information Vulnerability

Summary

Saltstack Salt is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application

Credit:

The original article can be found at: http://www.securityfocus.com/bid/96390


Details

Vulnerable Systems:
 * Saltstack Salt 2015.8.2

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.

CVE Information:
CVE-2015-8034

Disclosure Timeline:
Publish Date : 2017-01-30
Last Update Date : 2017-03-01

Categories: News