CVE-2015-4017

CWE-295 — Improper Certificate Validation9 documents6 sources

Severity

7.5HIGH

EPSS

0.2%

top 54.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Saltstack Salt

Timeline

PublishedAug 25

Latest updateMay 14

Description

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶PyPIsalt< 2014.7.6

▶NVDsaltstack/salt2014.7.5

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: docs.saltstack.com ↗

🔴Vulnerability Details

OSV

Salt vulnerable to Improper Certificate Validation↗2022-05-14

▶

GHSA

Salt vulnerable to Improper Certificate Validation↗2022-05-14

▶

CVEList

CVE-2015-4017: Salt before 2014↗2017-08-25

▶

OSV

CVE-2015-4017: Salt before 2014↗2017-08-25

▶

📋Vendor Advisories

Red Hat

salt: Certificates are not verified when connecting to server with certain modules↗2015-05-02

▶

💬Community

Bugzilla

CVE-2015-4017 salt: Certificates are not verified when connecting to server with certain modules [fedora-all]↗2015-05-19

▶

Bugzilla

CVE-2015-4017 salt: Certificates are not verified when connecting to server with certain modules [epel-all]↗2015-05-19

▶

Bugzilla

CVE-2015-4017 salt: Certificates are not verified when connecting to server with certain modules↗2015-05-19

▶