VDB
CVE-2017-8109
CVE-2017-8109
REJECTED
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
EPSS 0.05% · 15.0th percentile
Risk Scores
EPSS Score
0.05%
15.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | salt | 0, 2016.11.8+dfsg1-1, 2017.7.3+dfsg1-1 |
Exploit Intelligence
- https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658 (circl)
- https://github.com/saltstack/salt/issues/40075 (circl)
- https://github.com/saltstack/salt/pull/40609 (circl)
- https://bugzilla.suse.com/show_bug.cgi?id=1035912 (circl)
- 98095 (circl)
- https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html (circl)
- Minions.js (github-poc)
- Minions.js (github-poc)
- Minions.js (github-poc)
- Minions.js (github-poc)
…and 5 more exploits
Timeline
- Apr 25, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-8109 third-party-advisory
- https://github.com/saltstack/salt/issues/40075 third-party-advisory
- https://github.com/saltstack/salt/pull/40609 third-party-advisory
- https://github.com/saltstack/salt/commit/8492cef7a5c8871a3978ffc2f6e48b3b960e0151 third-party-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1035912 third-party-advisory
- https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html third-party-advisory
- https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-8109 third-party-advisory