CVE-2016-9639 — Improper Access Control in Salt

Severity

9.1CRITICALNVD

EPSS

0.8%

top 25.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedFeb 7

Latest updateMay 17

Description

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

▶PyPIsaltstack/salt< 2015.8.11

▶NVDsaltstack/salt2015.8.10

GHSA

Salt allows deleted minions to read or write to minions with the same id↗2022-05-17

▶

OSV

Salt allows deleted minions to read or write to minions with the same id↗2022-05-17

▶

OSV

CVE-2016-9639: Salt before 2015↗2017-02-07

▶

CVEList

CVE-2016-9639: Salt before 2015↗2017-02-07

▶

Red Hat

salt: Vulnerable caching provides access to private pillar data↗2016-11-25

▶

Bugzilla

CVE-2016-9639 salt: Vulnerable caching provides access to private pillar data↗2016-11-28

▶

Bugzilla

CVE-2016-9639 salt: Vulnerable caching provides access to private pillar data [epel-all]↗2016-11-28

▶