What is CVE-2015-1839?

CVE-2015-1839 is a medium-severity software vulnerability (CWE-19) with a CVSS score of 5.3. modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

Is CVE-2015-1839 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 0%.

What products does CVE-2015-1839 affect?

Tracked products affected include Salt. Check the version you run to see whether it is affected.

How do I fix CVE-2015-1839?

Apply the vendor fix in your normal patch cycle. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2015-1839

MEDIUM severity · CVSS 5.3 · CWE-19

5.3CVSS MEDIUM

Summary

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges requiredLow

User interactionNone

Confidentiality impactLow

Integrity impactLow

Availability impactLow

Exploit probability (EPSS)0%

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected products we track (1)

Salt

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: https://bugzilla.redhat.com/show_bug.cgi?id=1212788 ↗

Additional information

NVD record
https://bugzilla.redhat.com/show_bug.cgi?id=1212788Patch
https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5cPatch
https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81Patch
https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.htmlAdvisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.htmlAdvisory