CVE-2015-6941 - DEPRECATED: Information Exposure Through Debug Log Files

Severity

50%

Complexity

99%

Confidentiality

48%

win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.

win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.

CVSS 3.0 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

SaltStack Salt 2015

First reported 7 years ago

2017-08-09 16:29:00

Last updated 7 years ago

2017-08-21 15:25:00

Affected Software

SaltStack Salt 2015 5.0

5.0

SaltStack Salt 2015 5.1

5.1

SaltStack Salt 2015 5.2

5.2

SaltStack Salt 2015 5.3

5.3

SaltStack Salt 2015 5.4

5.4

SaltStack Salt 2015 5.5

5.5

SaltStack Salt 2015 8.0

8.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=1273066

Issue Tracking, Patch, Third Party Advisory, VDB Entry

https://docs.saltstack.com/en/latest/topics/releases/2015.5.6.html

Release Notes, Vendor Advisory

https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html

Release Notes, Vendor Advisory

https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710

Patch, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.