rpm package
suse/salt&distro=SUSE Enterprise Storage 1.0
pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%201.0
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3176 | Med | 5.6 | < 2014.1.10-5.6 | 2014.1.10-5.6 | Jan 31, 2017 | Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | |
| CVE-2015-8034 | Low | 3.3 | < 2014.1.10-8.4 | 2014.1.10-8.4 | Jan 30, 2017 | The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. |
- affected < 2014.1.10-5.6fixed 2014.1.10-5.6
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
- affected < 2014.1.10-8.4fixed 2014.1.10-8.4
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.