High severity7.8NVD Advisory· Published Apr 25, 2017· Updated May 13, 2026
CVE-2017-8109
CVE-2017-8109
Description
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
saltPyPI | >= 2016.11, < 2016.11.4 | 2016.11.4 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- bugzilla.suse.com/show_bug.cginvdIssue TrackingPatchWEB
- docs.saltstack.com/en/latest/topics/releases/2016.11.4.htmlnvdPatchRelease NotesVendor Advisory
- github.com/saltstack/salt/issues/40075nvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/saltstack/salt/pull/40609nvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658nvdIssue TrackingPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/98095nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-xcx4-5wq7-g5g7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-8109ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-82.yamlghsaWEB
News mentions
0No linked articles in our index yet.