The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
2020-11-06T08:15:13.347
2024-11-21T05:08:13.160
Modified
CVSSv3.1: 5.5 (MEDIUM)
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | saltstack | salt | < 2015.8.10 | Yes |
| Application | saltstack | salt | < 2015.8.13 | Yes |
| Application | saltstack | salt | < 2016.3.4 | Yes |
| Application | saltstack | salt | < 2016.3.6 | Yes |
| Application | saltstack | salt | < 2016.3.8 | Yes |
| Application | saltstack | salt | < 2016.11.3 | Yes |
| Application | saltstack | salt | < 2016.11.6 | Yes |
| Application | saltstack | salt | < 2016.11.10 | Yes |
| Application | saltstack | salt | < 2017.7.4 | Yes |
| Application | saltstack | salt | < 2017.7.8 | Yes |
| Application | saltstack | salt | < 2018.3.5 | Yes |
| Application | saltstack | salt | < 2019.2.5 | Yes |
| Application | saltstack | salt | < 3000.3 | Yes |
| Application | saltstack | salt | 3001 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |