Vulnerability Details : CVE-2015-1839
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Products affected by CVE-2015-1839
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1839
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 22 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1839
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
|
5.3
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
1.8
|
3.4
|
NIST |
CWE ids for CVE-2015-1839
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1839
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
[SECURITY] Fedora 23 Update: salt-2015.5.8-1.fc23Third Party Advisory
-
https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81
Create randomized logfile name in windows for chef.py · saltstack/salt@b49d0d4 · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c
Use cachedir · saltstack/salt@22d2f7a · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1212788
1212788 – (CVE-2015-1839) CVE-2015-1839 salt: insecure /tmp file handling in salt/modules/chef.pyIssue Tracking;Patch
-
https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
Salt 2014.7.4 Release NotesRelease Notes;Vendor Advisory
Jump to