Vulnerability Details CVE-2015-6941
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1273066
- https://docs.saltstack.com/en/latest/topics/releases/2015.5.6.html
- https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html
- https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710
- https://bugzilla.redhat.com/show_bug.cgi?id=1273066
- https://docs.saltstack.com/en/latest/topics/releases/2015.5.6.html
- https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html
- https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710
Products affected by CVE-2015-6941
-
cpe:2.3:a:saltstack:salt_2015:5.0
-
cpe:2.3:a:saltstack:salt_2015:5.1
-
cpe:2.3:a:saltstack:salt_2015:5.2
-
cpe:2.3:a:saltstack:salt_2015:5.3
-
cpe:2.3:a:saltstack:salt_2015:5.4
-
cpe:2.3:a:saltstack:salt_2015:5.5
-
cpe:2.3:a:saltstack:salt_2015:8.0