Saltstack Salt 2015.8.2 weak Obtain Information Vulnerability


Saltstack Salt is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application


The original article can be found at:


Vulnerable Systems:
 * Saltstack Salt 2015.8.2

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.

CVE Information:

Disclosure Timeline:
Publish Date : 2017-01-30
Last Update Date : 2017-03-01

Categories: News