suse · CVE-2017-8109

Quick triage

Priority: low Published: 2021-05-30 13:55:58 UTC Updated: 2026-04-18 09:05:32 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-8109 severity low: SUSE including 18 source package names (beta1:salt-2016.11.4-45.2, beta1:salt-api-2016.11.4-45.2, …), 69 product×package rows across 19 product lines (Container caasp/v4/salt-api, Container caasp/v4/salt-master, … (19 product lines)): Fixed 69.

Description:

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

cvelogic Threat Intelligence