salt is vulnerable to an information disclosure vulnerability. The library mirrors the file permissions on the salt-master when setting up its temporary file location for the local cache. This can allow a malicious local user to access sensitive credentials.