104 matches found

Tenable Nessus
added 2020/07/21 12:00 a.m. · 40 views

SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2020:1974-1)

This update for salt contains the following fixes: Fix for TypeError in Tornado importer (bsc#1174165); Require python3-distro only for TW (bsc#1173072); Update to Salt version 3000 (see release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html); Add docker.logout to docker execution...

9.8 CVSS · 7.8 AI score · 0.94234 EPSS
Exploits 24 · References 21

OpenVAS
added 2020/03/19 12:00 a.m. · 28 views

openSUSE: Security Advisory for salt (openSUSE-SU-2020:0357-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS · 8.8 AI score · 0.17854 EPSS
Exploits 0 · References 2

CNVD
added 2020/01/19 12:00 a.m. · 1 view

SaltStack Salt Command Injection Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and more. A command injection vulnerability exists in the salt-api NEST API ssh client enabled in SaltStack Salt 2019.2.0 and earlier. The...

9.8 CVSS · 9.8 AI score · 0.17854 EPSS
Exploits 0 · References 1

OSV
added 2020/01/17 2:15 a.m. · 21 views

CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

9.8 CVSS · 9.9 AI score
Exploits 0 · References 5

OSV
added 2020/01/17 2:15 a.m. · 31 views

PYSEC-2020-177

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

9.8 CVSS · 3.8 AI score · 0.17854 EPSS
Exploits 0 · References 5

OSV
added 2020/01/17 2:15 a.m. · 0 views

UBUNTU-CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

9.8 CVSS · 7.7 AI score · 0.17854 EPSS
Exploits 0 · References 5

PyPA
added 2020/01/17 2:15 a.m. · 4 views

PYSEC-2020-177

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

9.8 CVSS · 8.3 AI score · 0.17854 EPSS
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2020/01/17 1:16 a.m. · 27 views

CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

9.9 AI score · 0.17854 EPSS
Exploits 0 · References 5

CVE
added 2020/01/17 1:16 a.m. · 279 views

CVE-2019-17361

CVE-2019-17361 affects Salt before 2019.2.3, where the salt-api NET API with the ssh client enabled is vulnerable to remote command execution. The vulnerability allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. Affected advi...

9.8 CVSS · 9.8 AI score · 0.17854 EPSS
Exploits 0 · References 5 · Affected Software 1

AlpineLinux
added 2020/01/17 1:16 a.m. · 41 views

CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

9.8 CVSS · 10 AI score · 0.17854 EPSS
Exploits 0

FreeBSD
added 2020/01/15 12:00 a.m. · 28 views

salt -- salt-api vulnerability

SaltStack reports: With the Salt NetAPI enabled in addition to having a SSH roster defined, unauthenticated access is possible when specifying the client as SSH. Additionally, when the rawshell option is specified any arbitrary command may be run on the Salt master when specifying SSH options...

9.8 CVSS · 9.2 AI score · 0.17854 EPSS
Exploits 0 · References 2

RedhatCVE
added 2019/12/23 9:44 p.m. · 20 views

CVE-2018-15751

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi)...

9.8 CVSS · 8.2 AI score · 0.00556 EPSS
Exploits 0 · References 2

Positive Technologies
added 2019/07/29 12:00 a.m. · 5 views

PT-2020-3642 · Saltstack +3 · Saltstack Salt +3

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 2019.2.3 SaltStack Salt versions prior to 2019.2.0 Description: The issue allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. This is due ...

9.8 CVSS · 8.9 AI score · 0.94387 EPSS
Exploits 37 · References 116

Tenable Nessus
added 2018/12/20 12:00 a.m. · 39 views

openSUSE Security Update : salt (openSUSE-2018-1574)

This update for salt fixes the following issues: - Crontab module fix: file attributes option missing (boo#1114824) - Fix git_pillar merging across multiple env repositories (boo#1112874) - Bugfix: unable to detect os arch when RPM is not installed (boo#1114197) - Fix LDAP authentication issue when a vali...

9.8 CVSS · 7.4 AI score · 0.00912 EPSS
Exploits 0 · References 15

OpenVAS
added 2018/12/19 12:00 a.m. · 24 views

openSUSE: Security Advisory for salt (openSUSE-SU-2018:4174-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS · 7.5 AI score · 0.00912 EPSS
Exploits 0 · References 2

OPENSUSE Linux
added 2018/12/18 3:09 p.m. · 100 views

Security update for salt (important)

This update for salt fixes the following issues: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699). Non-security issue...

0.8 AI score · 0.00912 EPSS
Exploits 0 · References 7

OSV
added 2018/11/20 10:21 a.m. · 4 views

SUSE-SU-2018:3816-1 Security update for py26-compat-salt

This update for py26-compat-salt fixes the following issues: Salt was updated to version 2016.11.10 and contains the following fixes: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in...

9.8 CVSS · 8 AI score · 0.00912 EPSS
Exploits 0 · References 5

PyPA
added 2018/10/24 10:29 p.m. · 4 views

PYSEC-2018-30

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi)...

9.8 CVSS · 8 AI score · 0.00556 EPSS
Exploits 0 · References 7 · Affected Software 1

OSV
added 2018/10/24 10:29 p.m. · 1 view

UBUNTU-CVE-2018-15750

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server...

5.3 CVSS · 6.8 AI score · 0.00912 EPSS
Exploits 0 · References 8

OSV
added 2018/10/24 10:29 p.m. · 27 views

PYSEC-2018-30

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi)...

9.8 CVSS · 8.2 AI score · 0.00556 EPSS
Exploits 0 · References 7