{"id":"PYSEC-2017-82","details":"The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).","aliases":["CVE-2017-8109","GHSA-xcx4-5wq7-g5g7"],"modified":"2024-04-22T22:56:41.147178Z","published":"2017-04-25T17:59:00Z","references":[{"type":"WEB","url":"https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658"},{"type":"WEB","url":"https://github.com/saltstack/salt/pull/40609"},{"type":"REPORT","url":"https://github.com/saltstack/salt/issues/40075"},{"type":"WEB","url":"https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1035912"},{"type":"WEB","url":"http://www.securityfocus.com/bid/98095"}],"affected":[{"package":{"name":"salt","ecosystem":"PyPI","purl":"pkg:pypi/salt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2016.11"},{"fixed":"2016.11.4"}]}],"versions":["2016.11.0","2016.11.1","2016.11.2","2016.11.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2017-82.yaml"}}],"schema_version":"1.7.3"}