The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Salt | Saltstack | 0.11.0 (including) | 0.11.0 (including) |
| Salt | Saltstack | 0.12.0 (including) | 0.12.0 (including) |
| Salt | Saltstack | 0.13.0 (including) | 0.13.0 (including) |
| Salt | Saltstack | 0.14.0 (including) | 0.14.0 (including) |
| Salt | Saltstack | 0.15.0 (including) | 0.15.0 (including) |
| Salt | Saltstack | 0.15.1 (including) | 0.15.1 (including) |
| Salt | Saltstack | 0.16.0 (including) | 0.16.0 (including) |
| Salt | Saltstack | 0.16.2 (including) | 0.16.2 (including) |
| Salt | Saltstack | 0.16.3 (including) | 0.16.3 (including) |
| Salt | Saltstack | 0.16.4 (including) | 0.16.4 (including) |
| Salt | Saltstack | 0.17.0 (including) | 0.17.0 (including) |