FreeBSD3934CC60-F0FA-4ECA-BE09-C8BD7AE42871Salt -- multiple vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
76.7%
Salt release notes:
CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log
Updated the Git state and execution modules to no longer display HTTPS basic
authentication credentials in loglevel debug output on the Salt master. These
credentials are now replaced with REDACTED in the debug output. Thanks to
Andreas Stieger for bringing this to our attention.
CVE-2015-6941 - win_useradd module and salt-cloud display passwords in debug
log
Updated the win_useradd module return data to no longer include the password
of the newly created user. The password is now replaced with the string
XXX-REDACTED-XXX. Updated the Salt Cloud debug output to no longer display
win_password and sudo_password authentication credentials. Also updated the
Linode driver to no longer display authentication credentials in debug logs.
These credentials are now replaced with REDACTED in the debug output.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
76.7%