The salt-ssh minion code in SaltStack Salt copies over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients). Upstream bug: https://github.com/saltstack/salt/issues/40075 Upstream patch: https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658 References: https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html
Created salt tracking bugs for this issue: Affects: epel-all [bug 1418350]
Statement: This issue did not affect the versions of the salt as shipped with Red Hat Ceph Storage 1.3, Red Hat Ceph Storage 2, and Red Hat Storage Console 2 as salt-ssh is not used with these products.