The salt-ssh minion code in SaltStack Salt 2016.11 prior to 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
saltstack salt 2016.11.2 |
||
saltstack salt 2016.11.0 |
||
saltstack salt 2016.11 |
||
saltstack salt 2016.11.1 |
||
saltstack salt 2016.11.3 |