CVE-2015-8034 — Salt uses weak permissions on the cache data

Description

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.

How to fix CVE-2015-8034

To remediate CVE-2015-8034, upgrade the affected package to a fixed version below.

PyPI/salt—upgrade to 2015.8.3 or later
—upgrade to 2015.8.3 or later

Is CVE-2015-8034 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2015.8.3
from 0, < 2015.8.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	LOW3.3	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (8)

ADVISORYgithub.com/advisories/GHSA-6prw-8xhm-h247
ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-8034
PATCHgithub.com/saltstack/salt
WEBdocs.saltstack.com/en/latest/topics/releases/2015.8.3.html
WEB