CVE-2015-8034

Published: Jan 30, 2017Modified: May 13, 2026

3.3

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.

Affected (1)

Products: Saltstack: Salt

Saltstack

1 product

Salt

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Saltstack Salt	Up to 2015.8.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/96390

Source: cve@mitre.org

https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.securityfocus.com/bid/96390

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.