Salt -- information disclosure
Salt release notes report:
CVE-2015-8034: Saving state.sls cache data to disk with insecure
This affects users of the state.sls function. The state run cache
on the minion was being created with incorrect permissions. This
file could potentially contain sensitive data that was inserted via
jinja into the state SLS files. The permissions for this file are
now being set correctly. Thanks to @zmalone for bringing this issue
to our attention.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright