Information Exposure Affecting salt package, versions [,2015.5.5)
Threat Intelligence
EPSS
0.06% (26th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-SALT-40711
- published 29 Nov 2017
- disclosed 18 Aug 2015
- credit Unknown
Introduced: 18 Aug 2015
CVE-2015-6918 Open this link in a new tabHow to fix?
Upgrade salt
to version 2015.5.5 or higher.
Overview
salt
is a Portable, distributed, remote execution and configuration management system.
Affected versions of the package are vulnerable to Information Disclosure. salt before 2015.5.5 leaks git usernames and passwords to the log.
References
CVSS Scores
version 3.1