104 matches found
Remote Code Execution (RCE)
Salt is vulnerable to remote code execution (RCE). The localbatch client external authentication does not accept externalauth credentials. This allows code execution for already-authenticated users and is only in effect when running salt-api as the root user...
PT-2021-5491 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to insufficient argument checking in the salt.utils.thin.gen_thin function, allowing for command injection when crafted web requests are sent to the Salt API. This is d...
PT-2021-5177 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to improper access restriction in SaltStack Salt, allowing a remote attacker to gain unauthorized access to restricted functions. Specifically, salt-api does not honor...
openSUSE Security Update : salt (openSUSE-2016-318)
This update for salt fixes the following issues: - CVE-2016-1866: Improper handling of clear messages on the minion, remote code execution (boo#965403) The following bugs were fixed: - boo#958350: Salt crashes on invalid UTF-8 in package data - boo#959572: 'salt '*' pkg.info_installed' causes exception...