Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-kpue-fsd4-akdq
Vulnerability ID VCID-kpue-fsd4-akdq
Aliases CVE-2017-8109
PYSEC-2017-82
Summary The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2017-8109
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2017-8109
https://bugzilla.suse.com/show_bug.cgi?id=1035912
https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html
https://github.com/saltstack/salt/issues/40075
https://github.com/saltstack/salt/pull/40609
https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658
http://www.securityfocus.com/bid/98095
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.14911
EPSS Score 0.00047
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:17:14.952829+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2017-82.yaml 38.6.0