VIR Vulnerability Intelligence Relay

CVE-2015-6941

critical
Published 2017-08-09 · Modified 2024-05-01
CVSS v3
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
5.0
VIR risk
9.8

Description

win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.

Predictions

Exploit likelihood
97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://docs.saltstack.com/en/latest/topics/releases/2015.5.6.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://bugzilla.redhat.com/show_bug.cgi?id=1273066

Package impact
EcosystemPackageVulnerableFixed
python PyPIsalt>=2015.5,<2015.5.62015.5.6
python PyPIsalt>=2015.8,<2015.8.12015.8.1
python PyPIsalt<c0689e32154c41f59840ae10ffc5fbfa30618710||>=2015.8,<2015.8.1c0689e32154c41f59840ae10ffc5fbfa30618710

Application impact
VendorProductVersionsFixed
saltstacksalt_20155.0
saltstacksalt_20155.1
saltstacksalt_20155.2
saltstacksalt_20155.3
saltstacksalt_20155.4
saltstacksalt_20155.5
saltstacksalt_20158.0

References

CWEs

CWE-534

Verify integrity in audit chain (admin only). AS-IS.