The state.sls function in Salt prior to 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
Debian Bug report logs -
#807356
salt: CVE-2015-8034: Saving statesls cache data to disk with insecure permissions
Package:
src:salt;
Maintainer for src:salt is Debian Salt Team <pkg-salt-team@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 7 Dec 2015 20:45:01 UTC
Severity ...
The statesls function in Salt before 201583 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file ...