Lucene search
K

40 matches found

Veracode
Veracode
added 2022/03/31 7:0 a.m.7 views

Authentication Bypass

salt is vulnerable to authentication bypass. The vulnerability exists in the validatetgt function in minions.py because the publisher acls are not properly applied when the minions are behind a syndic which allows a user to access and publish commands to any configured minion...

8.8CVSS6.9AI score0.01315EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/03/30 3:33 p.m.10 views

SUSE-SU-2022:1059-1 Security update for salt

This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. bsc1197417 - CVE-2022-22936: Prevent job and fileserver replays bsc1197417 - CVE-2022-22941: Fixed targeting bug,...

8.8CVSS6.2AI score0.01586EPSS
Exploits0References6
OSV
OSV
added 2021/11/02 1:7 p.m.7 views

OPENSUSE-SU-2021:1443-1 Security update for salt

This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code. bsc1190265, CVE-2021-21996 This update was imported from the SUSE:SLE-15-SP2:Update update project...

7.5CVSS7.7AI score0.03514EPSS
Exploits0References3
OSV
OSV
added 2021/10/27 1:29 p.m.8 views

SUSE-SU-2021:3557-1 Security update for salt

This update for salt fixes the following issues: - CVE-2021-21996: Exclude the full path of a download URL to prevent injection of malicious code. bsc1190265...

7.5CVSS7.6AI score0.03514EPSS
Exploits0References3
OSV
OSV
added 2021/10/27 1:29 p.m.6 views

SUSE-SU-2021:3556-1 Security update for salt

This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code. bsc1190265, CVE-2021-21996...

7.5CVSS7.6AI score0.03514EPSS
Exploits0References3
OSV
OSV
added 2021/10/27 1:28 p.m.6 views

SUSE-SU-2021:3553-1 Security update for Salt

This update fixes the following issues: salt: - Support querying for JSON data in external sql pillar - Exclude the full path of a download URL to prevent injection of malicious code bsc1190265, CVE-2021-21996 - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories...

7.5CVSS7.7AI score0.03514EPSS
Exploits0References3
OSV
OSV
added 2021/07/11 12:4 p.m.7 views

OPENSUSE-SU-2021:2106-1 Security update for salt

This update for salt fixes the following issues: Update to Salt release version 3002.2 jscECO-3212, jscSLE-18033, jscSLE-18028 - Check if dpkgnotify is executable bsc1186674 - Drop support for Python2. Obsoletes python2-salt package jscSLE-18028 - virt module updates network: handle missing ipv4...

9.8CVSS8AI score0.96405EPSS
Exploits29References18
OSV
OSV
added 2021/06/21 5:20 p.m.6 views

SUSE-SU-2021:2102-1 Security update for Salt

This update fixes the following issues: salt: - Parsing Epoch out of version provided during pkg remove bsc1173692 - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module bsc1185281 CVE-2021-31607 - Transactionalupdate: detect recursion in the...

7.8CVSS7.9AI score0.03808EPSS
Exploits1References8
Veracode
Veracode
added 2021/03/01 6:7 a.m.45 views

OS Command Injection

salt is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via a malicious process name through the restartcheck function...

7.8CVSS5.4AI score0.04302EPSS
Exploits2References15Affected Software1
OSV
OSV
added 2021/01/24 12:0 a.m.31 views

DSA-4837-1 salt - security update

Bulletin has no description...

9.8CVSS7.5AI score0.99585EPSS
Exploits5
OSV
OSV
added 2020/07/28 12:0 a.m.34 views

DLA-2294-1 salt - security update

Bulletin has no description...

9.8CVSS7.2AI score0.05199EPSS
Exploits0
OSV
OSV
added 2020/05/06 12:0 a.m.47 views

DSA-4676-1 salt - security update

Bulletin has no description...

9.8CVSS8.5AI score0.96405EPSS
Exploits25
Veracode
Veracode
added 2018/10/25 5:21 a.m.20 views

Remote Code Execution (RCE)

salt is vulnerable to remote code execution RCE attacks. The vulnerability exists due to the improper processing of spaces in the file path which may allow RCE attacks...

9.8CVSS9.5AI score0.05199EPSS
Exploits0References9Affected Software1
Veracode
Veracode
added 2018/04/11 3:3 a.m.5 views

Information Disclosure

salt is vulnerable to information disclosure attacks. The vulnerability exists through persisted accumulator files as they usually have the default word-readable permissions, specified by umask, allowing anyone to read it...

6.1AI score
Exploits0
Veracode
Veracode
added 2017/10/25 3:26 a.m.23 views

Denial Of Service (DoS)

salt is vulnerable to denial of service DoS attacks. The attacks can be triggered when a malicious user sends an authentication request with payload containing an id with a null byte...

7.5CVSS8.3AI score0.02739EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2017/02/16 7:22 a.m.8 views

Insecure Redirection

salt is vulnerable to insecure redirection. Due to a flaw, it performs redirections and thus bypasses security checks...

6.6AI score
Exploits0
OSV
OSV
added 2016/07/28 9:6 a.m.7 views

SUSE-SU-2016:1895-1 Security update for salt

salt was updated to fix one security issue. This security issue was fixed: - CVE-2015-8034: Prevent saving state.sls cache data to disk with insecure permissions bsc957914...

3.3CVSS3.7AI score0.00407EPSS
Exploits0References3
OSV
OSV
added 2016/04/12 2:59 p.m.6 views

CVE-2016-1866

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream...

8.1CVSS8.3AI score
Exploits0References2
OSV
OSV
added 2016/04/07 9:27 a.m.6 views

SUSE-SU-2016:0970-1 Security update for salt

salt was updated to fix one security issue. This security issue was fixed: - CVE-2016-3176: Insecure configuration of PAM external authentication service. Authenticating were able to specify the PAM service bsc972436...

5.6CVSS5.6AI score0.00873EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2016/04/07 12:0 a.m.3 views

PT-2017-8352

Name of the Vulnerable Software and Affected Versions Salt versions prior to 2015.5.10 Salt versions 2015.8.x prior to 2015.8.8 Description The issue allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient when PAM extern...

5.6CVSS5.9AI score0.00873EPSS
Exploits0References22
Rows per page
Query Builder