FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Salt -- information disclosure

Affected packages
py27-salt < 2015.8.3

Details

VuXML ID e6b974ab-9d35-11e5-8f5c-002590263bf5
Discovery 2015-11-25
Entry 2015-12-07

Salt release notes report:

CVE-2015-8034: Saving state.sls cache data to disk with insecure permissions

This affects users of the state.sls function. The state run cache on the minion was being created with incorrect permissions. This file could potentially contain sensitive data that was inserted via jinja into the state SLS files. The permissions for this file are now being set correctly. Thanks to @zmalone for bringing this issue to our attention.

References

CVE Name CVE-2015-8034
URL https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html