{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35055?format=json","vulnerability_id":"VCID-pr6t-nw24-cfcp","summary":"The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).","aliases":[{"alias":"CVE-2017-8109"},{"alias":"PYSEC-2017-82"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9895?format=json","purl":"pkg:pypi/salt@2016.11.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ds7-ga65-r3b6"},{"vulnerability":"VCID-2h9s-fgnc-1qeg"},{"vulnerability":"VCID-47u4-vdsp-c3ct"},{"vulnerability":"VCID-48r4-3qds-bbhv"},{"vulnerability":"VCID-48tt-fe7z-ybfb"},{"vulnerability":"VCID-58p2-6c4u-tybp"},{"vulnerability":"VCID-5hr1-5aec-43h3"},{"vulnerability":"VCID-65p4-5x86-y3fj"},{"vulnerability":"VCID-6cfw-9xe8-43d6"},{"vulnerability":"VCID-7mam-gwcp-8kdm"},{"vulnerability":"VCID-8mpz-ke16-fbej"},{"vulnerability":"VCID-a8kw-uehx-xfg5"},{"vulnerability":"VCID-ce2x-ehyk-nufk"},{"vulnerability":"VCID-cubj-wrbp-1qbu"},{"vulnerability":"VCID-e6kv-phwy-vfef"},{"vulnerability":"VCID-e8qc-mktf-gyam"},{"vulnerability":"VCID-gafc-bb59-9yhb"},{"vulnerability":"VCID-h4tm-9wqz-1qge"},{"vulnerability":"VCID-hgv6-czxs-cfbc"},{"vulnerability":"VCID-j5th-837s-fkft"},{"vulnerability":"VCID-jbea-m4ak-tqd7"},{"vulnerability":"VCID-jyxg-h3a9-8ygv"},{"vulnerability":"VCID-k1gu-khda-jyeb"},{"vulnerability":"VCID-kapu-yvhn-ybhw"},{"vulnerability":"VCID-mbpz-g2vs-tqc1"},{"vulnerability":"VCID-neby-tsrt-ryg5"},{"vulnerability":"VCID-nehw-r7zm-j7bb"},{"vulnerability":"VCID-p4xa-ks7v-wbay"},{"vulnerability":"VCID-qgqk-f1g2-7fbz"},{"vulnerability":"VCID-saff-gz5j-8kex"},{"vulnerability":"VCID-v43a-k2bg-wkbz"},{"vulnerability":"VCID-w2qv-hbsf-xyfh"},{"vulnerability":"VCID-znn9-qud3-wqat"},{"vulnerability":"VCID-zter-3e3b-7yfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.4"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9891?format=json","purl":"pkg:pypi/salt@2016.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ds7-ga65-r3b6"},{"vulnerability":"VCID-2h9s-fgnc-1qeg"},{"vulnerability":"VCID-47u4-vdsp-c3ct"},{"vulnerability":"VCID-48r4-3qds-bbhv"},{"vulnerability":"VCID-48tt-fe7z-ybfb"},{"vulnerability":"VCID-58p2-6c4u-tybp"},{"vulnerability":"VCID-5hr1-5aec-43h3"},{"vulnerability":"VCID-65p4-5x86-y3fj"},{"vulnerability":"VCID-6cfw-9xe8-43d6"},{"vulnerability":"VCID-7mam-gwcp-8kdm"},{"vulnerability":"VCID-8mpz-ke16-fbej"},{"vulnerability":"VCID-a8kw-uehx-xfg5"},{"vulnerability":"VCID-ce2x-ehyk-nufk"},{"vulnerability":"VCID-cubj-wrbp-1qbu"},{"vulnerability":"VCID-e6kv-phwy-vfef"},{"vulnerability":"VCID-e8qc-mktf-gyam"},{"vulnerability":"VCID-gafc-bb59-9yhb"},{"vulnerability":"VCID-h4tm-9wqz-1qge"},{"vulnerability":"VCID-hgv6-czxs-cfbc"},{"vulnerability":"VCID-j5th-837s-fkft"},{"vulnerability":"VCID-jbea-m4ak-tqd7"},{"vulnerability":"VCID-jyxg-h3a9-8ygv"},{"vulnerability":"VCID-k1gu-khda-jyeb"},{"vulnerability":"VCID-kapu-yvhn-ybhw"},{"vulnerability":"VCID-mbpz-g2vs-tqc1"},{"vulnerability":"VCID-neby-tsrt-ryg5"},{"vulnerability":"VCID-nehw-r7zm-j7bb"},{"vulnerability":"VCID-p4xa-ks7v-wbay"},{"vulnerability":"VCID-pr6t-nw24-cfcp"},{"vulnerability":"VCID-qgqk-f1g2-7fbz"},{"vulnerability":"VCID-reer-fk1f-tkbj"},{"vulnerability":"VCID-saff-gz5j-8kex"},{"vulnerability":"VCID-v43a-k2bg-wkbz"},{"vulnerability":"VCID-w2qv-hbsf-xyfh"},{"vulnerability":"VCID-xccs-pwhb-nuce"},{"vulnerability":"VCID-znn9-qud3-wqat"},{"vulnerability":"VCID-zter-3e3b-7yfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9892?format=json","purl":"pkg:pypi/salt@2016.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ds7-ga65-r3b6"},{"vulnerability":"VCID-2h9s-fgnc-1qeg"},{"vulnerability":"VCID-47u4-vdsp-c3ct"},{"vulnerability":"VCID-48r4-3qds-bbhv"},{"vulnerability":"VCID-48tt-fe7z-ybfb"},{"vulnerability":"VCID-58p2-6c4u-tybp"},{"vulnerability":"VCID-5hr1-5aec-43h3"},{"vulnerability":"VCID-65p4-5x86-y3fj"},{"vulnerability":"VCID-6cfw-9xe8-43d6"},{"vulnerability":"VCID-7mam-gwcp-8kdm"},{"vulnerability":"VCID-8mpz-ke16-fbej"},{"vulnerability":"VCID-a8kw-uehx-xfg5"},{"vulnerability":"VCID-ce2x-ehyk-nufk"},{"vulnerability":"VCID-cubj-wrbp-1qbu"},{"vulnerability":"VCID-e6kv-phwy-vfef"},{"vulnerability":"VCID-e8qc-mktf-gyam"},{"vulnerability":"VCID-gafc-bb59-9yhb"},{"vulnerability":"VCID-h4tm-9wqz-1qge"},{"vulnerability":"VCID-hgv6-czxs-cfbc"},{"vulnerability":"VCID-j5th-837s-fkft"},{"vulnerability":"VCID-jbea-m4ak-tqd7"},{"vulnerability":"VCID-jyxg-h3a9-8ygv"},{"vulnerability":"VCID-k1gu-khda-jyeb"},{"vulnerability":"VCID-kapu-yvhn-ybhw"},{"vulnerability":"VCID-mbpz-g2vs-tqc1"},{"vulnerability":"VCID-neby-tsrt-ryg5"},{"vulnerability":"VCID-nehw-r7zm-j7bb"},{"vulnerability":"VCID-p4xa-ks7v-wbay"},{"vulnerability":"VCID-pr6t-nw24-cfcp"},{"vulnerability":"VCID-qgqk-f1g2-7fbz"},{"vulnerability":"VCID-reer-fk1f-tkbj"},{"vulnerability":"VCID-saff-gz5j-8kex"},{"vulnerability":"VCID-v43a-k2bg-wkbz"},{"vulnerability":"VCID-w2qv-hbsf-xyfh"},{"vulnerability":"VCID-xccs-pwhb-nuce"},{"vulnerability":"VCID-znn9-qud3-wqat"},{"vulnerability":"VCID-zter-3e3b-7yfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9893?format=json","purl":"pkg:pypi/salt@2016.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ds7-ga65-r3b6"},{"vulnerability":"VCID-2h9s-fgnc-1qeg"},{"vulnerability":"VCID-47u4-vdsp-c3ct"},{"vulnerability":"VCID-48r4-3qds-bbhv"},{"vulnerability":"VCID-48tt-fe7z-ybfb"},{"vulnerability":"VCID-58p2-6c4u-tybp"},{"vulnerability":"VCID-5hr1-5aec-43h3"},{"vulnerability":"VCID-65p4-5x86-y3fj"},{"vulnerability":"VCID-6cfw-9xe8-43d6"},{"vulnerability":"VCID-7mam-gwcp-8kdm"},{"vulnerability":"VCID-8mpz-ke16-fbej"},{"vulnerability":"VCID-a8kw-uehx-xfg5"},{"vulnerability":"VCID-ce2x-ehyk-nufk"},{"vulnerability":"VCID-cubj-wrbp-1qbu"},{"vulnerability":"VCID-e6kv-phwy-vfef"},{"vulnerability":"VCID-e8qc-mktf-gyam"},{"vulnerability":"VCID-gafc-bb59-9yhb"},{"vulnerability":"VCID-h4tm-9wqz-1qge"},{"vulnerability":"VCID-hgv6-czxs-cfbc"},{"vulnerability":"VCID-j5th-837s-fkft"},{"vulnerability":"VCID-jbea-m4ak-tqd7"},{"vulnerability":"VCID-jyxg-h3a9-8ygv"},{"vulnerability":"VCID-k1gu-khda-jyeb"},{"vulnerability":"VCID-kapu-yvhn-ybhw"},{"vulnerability":"VCID-mbpz-g2vs-tqc1"},{"vulnerability":"VCID-neby-tsrt-ryg5"},{"vulnerability":"VCID-nehw-r7zm-j7bb"},{"vulnerability":"VCID-p4xa-ks7v-wbay"},{"vulnerability":"VCID-pr6t-nw24-cfcp"},{"vulnerability":"VCID-qgqk-f1g2-7fbz"},{"vulnerability":"VCID-saff-gz5j-8kex"},{"vulnerability":"VCID-v43a-k2bg-wkbz"},{"vulnerability":"VCID-w2qv-hbsf-xyfh"},{"vulnerability":"VCID-znn9-qud3-wqat"},{"vulnerability":"VCID-zter-3e3b-7yfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9894?format=json","purl":"pkg:pypi/salt@2016.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47u4-vdsp-c3ct"},{"vulnerability":"VCID-48r4-3qds-bbhv"},{"vulnerability":"VCID-48tt-fe7z-ybfb"},{"vulnerability":"VCID-58p2-6c4u-tybp"},{"vulnerability":"VCID-7mam-gwcp-8kdm"},{"vulnerability":"VCID-8mpz-ke16-fbej"},{"vulnerability":"VCID-a8kw-uehx-xfg5"},{"vulnerability":"VCID-ce2x-ehyk-nufk"},{"vulnerability":"VCID-e6kv-phwy-vfef"},{"vulnerability":"VCID-e8qc-mktf-gyam"},{"vulnerability":"VCID-gafc-bb59-9yhb"},{"vulnerability":"VCID-h4tm-9wqz-1qge"},{"vulnerability":"VCID-hgv6-czxs-cfbc"},{"vulnerability":"VCID-jyxg-h3a9-8ygv"},{"vulnerability":"VCID-k1gu-khda-jyeb"},{"vulnerability":"VCID-kapu-yvhn-ybhw"},{"vulnerability":"VCID-nehw-r7zm-j7bb"},{"vulnerability":"VCID-pr6t-nw24-cfcp"},{"vulnerability":"VCID-qgqk-f1g2-7fbz"},{"vulnerability":"VCID-saff-gz5j-8kex"},{"vulnerability":"VCID-znn9-qud3-wqat"},{"vulnerability":"VCID-zter-3e3b-7yfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3"}],"references":[{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1035912","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1035912"},{"reference_url":"https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html","reference_id":"","reference_type":"","scores":[],"url":"https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html"},{"reference_url":"https://github.com/saltstack/salt/issues/40075","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/saltstack/salt/issues/40075"},{"reference_url":"https://github.com/saltstack/salt/pull/40609","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/saltstack/salt/pull/40609"},{"reference_url":"https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658"},{"reference_url":"http://www.securityfocus.com/bid/98095","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98095"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr6t-nw24-cfcp"}