CVE-2015-6941
Published: 9 August 2017
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
From the Ubuntu Security Team
It was discovered that the salt has a vulnerability where it exposes sensitive informations in the log files. An attacker could use this retrieve it.
Priority
Status
Package | Release | Status |
---|---|---|
salt Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(2015.8.1+ds-2)
|
bionic |
Not vulnerable
(2015.8.1+ds-2)
|
|
cosmic |
Not vulnerable
(2015.8.1+ds-2)
|
|
disco |
Not vulnerable
(2015.8.1+ds-2)
|
|
precise |
Does not exist
|
|
trusty |
Released
(0.17.5+ds-1ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(2015.8.1+ds-1)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(2015.8.1+ds-2)
|
|
yakkety |
Not vulnerable
(2015.8.1+ds-2)
|
|
zesty |
Not vulnerable
(2015.8.1+ds-2)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |