CVE-2015-6918
published 2017-10-10CVE-2015-6918: salt before 2015.5.5 leaks git usernames and passwords to the log.
PriorityP429medium6.3CVSS 3.0
AVNACHPRLUINSCCHINAN
EPSS
1.23%
65.1th percentile
salt before 2015.5.5 leaks git usernames and passwords to the log.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | >= 0 < 28aa9b105804ff433d8f663b2f9b804f2b75495a | 28aa9b105804ff433d8f663b2f9b804f2b75495a |
| saltstack | salt | >= 0 < 2015.5.5 | 2015.5.5 |
| saltstack | salt | >= 0 < 0.17.5+ds-1ubuntu0.1~esm1 | 0.17.5+ds-1ubuntu0.1~esm1 |
| saltstack | salt | >= 0 < 2015.8.8+ds-1ubuntu0.1+esm1 | 2015.8.8+ds-1ubuntu0.1+esm1 |
| saltstack | salt_2015 | <= 5.4 | — |
CVSS provenance
nvdv3.06.3MEDIUMCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:P/I:N/A:N
osv7.2HIGH
vendor_ubuntu7.2HIGH
vendor_redhat6.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
salt leaks git usernames and passwords to the log
ghsa·2022-05-17
CVE-2015-6918 [MEDIUM] CWE-200 salt leaks git usernames and passwords to the log
salt leaks git usernames and passwords to the log
salt before 2015.5.5 leaks git usernames and passwords to the log.
OSV
salt leaks git usernames and passwords to the log
osv·2022-05-17
CVE-2015-6918 [MEDIUM] salt leaks git usernames and passwords to the log
salt leaks git usernames and passwords to the log
salt before 2015.5.5 leaks git usernames and passwords to the log.
OSV
salt vulnerabilities
osv·2021-03-15·CVSS 7.2
CVE-2014-3563 [HIGH] salt vulnerabilities
salt vulnerabilities
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a special crafted file. An attacker could use this
vulnerability to cause a DoS or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)
Andreas Stieger discovered that Salt exposed git usernames and passwords
in log files. An attacker could use this issue to retrieve sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).
It was discovered that Salt exposed password authentication
credentials in log files. An attacker could use this issue to retrieve
sensitive information. This issue only affected Ubuntu 14.04 ESM.
(CVE-2015-6941)
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a
OSV
CVE-2015-6918: salt before 2015
osv·2017-10-10
CVE-2015-6918 CVE-2015-6918: salt before 2015
salt before 2015.5.5 leaks git usernames and passwords to the log.
Ubuntu
Salt vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 7.2
CVE-2015-6918 [HIGH] Salt vulnerabilities
Title: Salt vulnerabilities
Summary: Several security issues were fixed in Salt.
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a special crafted file. An attacker could use this
vulnerability to cause a DoS or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)
Andreas Stieger discovered that Salt exposed git usernames and passwords
in log files. An attacker could use this issue to retrieve sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).
It was discovered that Salt exposed password authentication
credentials in log files. An attacker could use this issue to retrieve
sensitive information. This issue only affected Ubuntu 14.04 ESM.
(CVE-2015-6941)
It was discovered that Sal
Red Hat
salt: git module leaks authentication details into log
vendor_redhat·2015-08-19·CVSS 6.3
CVE-2015-6918 [MEDIUM] CWE-532 salt: git module leaks authentication details into log
salt: git module leaks authentication details into log
salt before 2015.5.5 leaks git usernames and passwords to the log.
Package: salt (Red Hat Ceph Storage 1.2) - Will not fix
Package: salt (Red Hat Ceph Storage 1.3) - Will not fix
No detection rules found.
No public exploits indexed.
2017-10-10
Published