SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

Ubuntu: Security Advisory (USN-6948-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVE-2019-16846

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none...

elita (>=0.60.0 <=0.64.1) potentially affected by CVE-2020-16846 via salt (=2014.1.10)

salt PYPI version =2014.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - elita =0.60.0, =0.64.1 Source cves: CVE-2020-16846 Source advisory: OSV:GHSA-QR38-H96J-2J3W...

[SECURITY] [DLA 2480-2] salt regression update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2480-2 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler January 03, 2022 https://wiki.debian.org/LTS -...

Exploit for OS Command Injection in Saltstack Salt

CVE-2020-16846-Saltstack-Salt-API Vulnerability Explained: An...

SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2020:14538-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14538-1 advisory. - An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can resul...

SUSE: Security Advisory (SUSE-SU-2020:3243-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:0586-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3155-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:0499-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3244-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-4837-1 : salt - security update

Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the Salt API using the SSH...

[SECURITY] [DSA 4837-1] salt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4837-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2021 https://www.debian.org/security/faq -...

Debian DLA-2480-2 : salt regression update

Past security updates of Salt, a remote execution manager, introduced regressions for which follow-up fixes were published : CVE 2020-16846 regression 'salt-ssh' master key initialization fails CVE 2021-3197 regression Valid parameters are discarded for the SSHClient CVE 2020-28243 follow-up...

Debian: Security Advisory (DLA-2480-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2480-1] salt security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2480-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA December 04, 2020 https://wiki.debian.org/LTS -...

SaltStack Salt REST API Arbitrary Command Execution

This module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5,...

SaltStack Salt REST API Arbitrary Command Execution Exploit

This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8,...