CVE-2015-8034
Published: 30 January 2017
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
Priority
Status
Package | Release | Status |
---|---|---|
salt Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
bionic |
Not vulnerable
|
|
cosmic |
Not vulnerable
|
|
disco |
Not vulnerable
|
|
focal |
Does not exist
|
|
jammy |
Not vulnerable
|
|
kinetic |
Not vulnerable
|
|
lunar |
Does not exist
|
|
mantic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Needed
|
|
upstream |
Released
(2015.8.3+ds-1)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(2015.8.8+ds-1)
|
|
yakkety |
Not vulnerable
(2016.3.1+ds-1)
|
|
zesty |
Not vulnerable
|
|
Patches: upstream: https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 3.3 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |