VYPR
High severity8.1NVD Advisory· Published Apr 12, 2016· Updated Jun 17, 2026

CVE-2016-1866

CVE-2016-1866

Description

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
saltPyPI
>= 2015.8.0rc1, < 2015.8.42015.8.4

Affected products

6
  • Saltstack/Salt4 versions
    cpe:2.3:a:saltstack:salt:2015.8.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:saltstack:salt:2015.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:saltstack:salt:2015.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:saltstack:salt:2015.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:saltstack:salt:2015.8.3:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2015.8.0rc1, < 2015.8.4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.