High severity8.1NVD Advisory· Published Apr 12, 2016· Updated May 6, 2026
CVE-2016-1866
CVE-2016-1866
Description
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
saltPyPI | >= 2015.8.0rc1, < 2015.8.4 | 2015.8.4 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- docs.saltstack.com/en/latest/topics/releases/2015.8.4.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-vqh4-crjf-jjxxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-1866ghsaADVISORY
- lists.opensuse.org/opensuse-updates/2016-03/msg00034.htmlnvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2016-23.yamlghsaWEB
News mentions
0No linked articles in our index yet.