40 matches found
Authentication Bypass
salt is vulnerable to authentication bypass. The vulnerability exists in the validatetgt function in minions.py because the publisher acls are not properly applied when the minions are behind a syndic which allows a user to access and publish commands to any configured minion...
SUSE-SU-2022:1059-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. bsc1197417 - CVE-2022-22936: Prevent job and fileserver replays bsc1197417 - CVE-2022-22941: Fixed targeting bug,...
OPENSUSE-SU-2021:1443-1 Security update for salt
This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code. bsc1190265, CVE-2021-21996 This update was imported from the SUSE:SLE-15-SP2:Update update project...
SUSE-SU-2021:3557-1 Security update for salt
This update for salt fixes the following issues: - CVE-2021-21996: Exclude the full path of a download URL to prevent injection of malicious code. bsc1190265...
SUSE-SU-2021:3556-1 Security update for salt
This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code. bsc1190265, CVE-2021-21996...
SUSE-SU-2021:3553-1 Security update for Salt
This update fixes the following issues: salt: - Support querying for JSON data in external sql pillar - Exclude the full path of a download URL to prevent injection of malicious code bsc1190265, CVE-2021-21996 - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories...
OPENSUSE-SU-2021:2106-1 Security update for salt
This update for salt fixes the following issues: Update to Salt release version 3002.2 jscECO-3212, jscSLE-18033, jscSLE-18028 - Check if dpkgnotify is executable bsc1186674 - Drop support for Python2. Obsoletes python2-salt package jscSLE-18028 - virt module updates network: handle missing ipv4...
SUSE-SU-2021:2102-1 Security update for Salt
This update fixes the following issues: salt: - Parsing Epoch out of version provided during pkg remove bsc1173692 - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module bsc1185281 CVE-2021-31607 - Transactionalupdate: detect recursion in the...
OS Command Injection
salt is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via a malicious process name through the restartcheck function...
DSA-4837-1 salt - security update
Bulletin has no description...
DLA-2294-1 salt - security update
Bulletin has no description...
DSA-4676-1 salt - security update
Bulletin has no description...
Remote Code Execution (RCE)
salt is vulnerable to remote code execution RCE attacks. The vulnerability exists due to the improper processing of spaces in the file path which may allow RCE attacks...
Information Disclosure
salt is vulnerable to information disclosure attacks. The vulnerability exists through persisted accumulator files as they usually have the default word-readable permissions, specified by umask, allowing anyone to read it...
Denial Of Service (DoS)
salt is vulnerable to denial of service DoS attacks. The attacks can be triggered when a malicious user sends an authentication request with payload containing an id with a null byte...
Insecure Redirection
salt is vulnerable to insecure redirection. Due to a flaw, it performs redirections and thus bypasses security checks...
SUSE-SU-2016:1895-1 Security update for salt
salt was updated to fix one security issue. This security issue was fixed: - CVE-2015-8034: Prevent saving state.sls cache data to disk with insecure permissions bsc957914...
CVE-2016-1866
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream...
SUSE-SU-2016:0970-1 Security update for salt
salt was updated to fix one security issue. This security issue was fixed: - CVE-2016-3176: Insecure configuration of PAM external authentication service. Authenticating were able to specify the PAM service bsc972436...
PT-2017-8352
Name of the Vulnerable Software and Affected Versions Salt versions prior to 2015.5.10 Salt versions 2015.8.x prior to 2015.8.8 Description The issue allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient when PAM extern...