High severity 7.8 · NVD Advisory · Published Apr 25, 2017 · Updated Jun 17, 2026
CVE-2017-8109
Description
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| salt (PyPI) | >= 2016.11, < 2016.11.4 | 2016.11.4 |
Affected products
- cpe:2.3:a:saltstack:salt:2016.11:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2016.11.3:*:*:*:*:*:*:*
- ghsa-coords (10 versions):
  - pkg:pypi/salt
  - pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%203
  - pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%204
  - pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012
  - pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2012%20SP2
  - pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLS
  - pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLS
  - pkg:rpm/suse/salt&distro=SUSE%20Manager%20Client%20Tools%2012
  - pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.0
  - pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.0
- (no CPE) range: >= 2016.11, < 2016.11.4
- (no CPE) range: < 2016.11.4-45.2
- (no CPE) range: < 2016.11.4-45.2
- (no CPE) range: < 2016.11.4-45.2
- (no CPE) range: < 2016.11.4-45.2
- (no CPE) range: < 2016.11.4-42.2
- (no CPE) range: < 2016.11.4-42.2
- (no CPE) range: < 2016.11.4-45.2
- (no CPE) range: < 2016.11.4-45.2
- (no CPE) range: < 2016.11.4-45.2
References
- bugzilla.suse.com/show_bug.cgi (nvd: Issue Tracking, Patch, WEB)
- docs.saltstack.com/en/latest/topics/releases/2016.11.4.html (nvd: Patch, Release Notes, Vendor Advisory)
- github.com/saltstack/salt/issues/40075 (nvd: Issue Tracking, Patch, Third Party Advisory, WEB)
- github.com/saltstack/salt/pull/40609 (nvd: Issue Tracking, Patch, Third Party Advisory, WEB)
- github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658 (nvd: Issue Tracking, Patch, Third Party Advisory, WEB)
- www.securityfocus.com/bid/98095 (nvd: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-xcx4-5wq7-g5g7 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-8109 (ghsa: ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-82.yaml (ghsa: WEB)