CVE-2015-6941

Summary

CVE	CVE-2015-6941
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-08-09 16:29:00 UTC
Updated	2017-08-21 15:25:00 UTC
Description	win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.

Risk And Classification

Problem Types: CWE-534

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Saltstack	Salt 2015	5.0	All	All	All
Application	Saltstack	Salt 2015	5.1	All	All	All
Application	Saltstack	Salt 2015	5.2	All	All	All
Application	Saltstack	Salt 2015	5.3	All	All	All
Application	Saltstack	Salt 2015	5.4	All	All	All
Application	Saltstack	Salt 2015	5.5	All	All	All
Application	Saltstack	Salt 2015	8.0	All	All	All
Application	Saltstack	Salt 2015	5.0	All	All	All
Application	Saltstack	Salt 2015	5.1	All	All	All
Application	Saltstack	Salt 2015	5.2	All	All	All
Application	Saltstack	Salt 2015	5.3	All	All	All
Application	Saltstack	Salt 2015	5.4	All	All	All
Application	Saltstack	Salt 2015	5.5	All	All	All
Application	Saltstack	Salt 2015	8.0	All	All	All

References

Reference	Source	Link	Tags
Replaced password with redacted when displayed · twangboy/salt@c0689e3 · GitHub	CONFIRM	github.com	Patch, Third Party Advisory
Salt 2015.8.1 Release Notes	CONFIRM	docs.saltstack.com	Release Notes, Vendor Advisory
1273066 – (CVE-2015-6941) CVE-2015-6941 salt: win_useradd module and salt-cloud display passwords in debug log	CONFIRM	bugzilla.redhat.com	Issue Tracking, Patch, Third Party Advisory, VDB Entry
Salt 2015.5.6 Release Notes	CONFIRM	docs.saltstack.com	Release Notes, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.