9.8

CVE-2015-6941

win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SaltstackSalt 2015 Version5.0
SaltstackSalt 2015 Version5.1
SaltstackSalt 2015 Version5.2
SaltstackSalt 2015 Version5.3
SaltstackSalt 2015 Version5.4
SaltstackSalt 2015 Version5.5
SaltstackSalt 2015 Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.22% 0.804
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-534 DEPRECATED: Information Exposure Through Debug Log Files

This entry has been deprecated because its abstraction was too low-level. See CWE-532.

https://bugzilla.redhat.com/show_bug.cgi?id=1273066
Patch
Third Party Advisory
VDB Entry
Issue Tracking
https://docs.saltstack.com/en/latest/topics/releases/2015.5.6.html
Vendor Advisory
Release Notes
https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html
Vendor Advisory
Release Notes
https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710
Patch
Third Party Advisory