win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSaltstack Salt 2015
APPSaltstack5.05.15.25.35.45.58.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
Related vulnerabilities
CVE-2015-6918MEDIUM6.3ten sam produkt
salt before 2015.5.5 leaks git usernames and passwords to the log.
CVE-2020-16846CRITICAL9.8⚠ KEVten sam vendor
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the...
CVE-2020-11651CRITICAL9.8⚠ KEVten sam vendor
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process Clea...
CVE-2024-38824CRITICAL9.6PL ✓ten sam vendor
Path Traversal w SaltStack Salt – zapis dowolnych plików w katalogu cache mastera
CVE-2021-33226CRITICAL9.8ten sam vendor
Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the...