CVE-2016-9639

Description

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.

How to fix CVE-2016-9639

To remediate CVE-2016-9639, upgrade the affected package to a fixed version below.

• PyPI/salt—upgrade to 2015.8.11 or later
• PyPI/salt—upgrade to 2015.8.11 or later

Is CVE-2016-9639 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 2015.8.11
• from 0, < 2015.8.11

CVSS scores

References (10)

• ADVISORYgithub.com/advisories/GHSA-hvmj-356c-gpf4
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-9639
• PATCHgithub.com/saltstack/salt
• WEBdocs.saltproject.io/en/latest/topics/releases/2015.8.11.html#new-master-configuration-parameter