Lucene search
K

93 matches found

OSV
OSV
added 2024/02/15 1:41 p.m.5 views

SUSE-SU-2024:0507-1 Security update for salt

This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 Bugs fixed: - Ensur...

7.7CVSS6AI score0.0083EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2023/11/10 12:0 a.m.18 views

SUSE SLED15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:4386-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4386-1 advisory. Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixe...

6.7CVSS7.3AI score0.00187EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/11/10 12:0 a.m.29 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : salt (SUSE-SU-2023:4388-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4388-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has...

6.7CVSS7.1AI score0.00187EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/11/10 12:0 a.m.21 views

SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2023:4412-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2023:4412-1 advisory. - Update to SUSE Manager 4.3.9 Debian 12 support as client New Update Notification jscSUMA-111 Monitoring: Grafana upgraded to 9.5.8 Update 'saltkey'...

6.7CVSS6.7AI score0.00187EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2023/11/10 12:0 a.m.18 views

SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:4390-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4390-1 advisory. Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to...

6.7CVSS7.3AI score0.00187EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/11/10 12:0 a.m.17 views

SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:4389-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4389-1 advisory. Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to...

6.7CVSS7.3AI score0.00187EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/11/08 12:0 a.m.16 views

Fedora 37 : salt (2023-89e8f3efc5)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-89e8f3efc5 advisory. Fix for CVE-2023-34049 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

6.7CVSS7.1AI score0.00187EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.13 views

SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:2581-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2581-1 advisory. - Update to Salt release version 3006.0 jscPED-4361 See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - A...

5.9AI score
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.13 views

SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:2572-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2572-1 advisory. - Update to Salt release version 3006.0 jscPED-4361 See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - A...

5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/06/21 12:0 a.m.4 views

PT-2023-36196 · Salt · Salt

Name of the Vulnerable Software and Affected Versions: salt versions prior to 3006.0 Description: The issue is related to several problems in the salt software, including collections Mapping issues, conflicts with dependencies, and failures due to the unavailability of the transactional update...

7.1AI score
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.2 views

SUSE CVE-2013-4437

Unspecified vulnerability in salt-ssh in Salt aka SaltStack 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...

10CVSS7AI score0.01458EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.2 views

SUSE CVE-2020-25592

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

9.8CVSS9.9AI score0.57453EPSS
Exploits3References34
Positive Technologies
Positive Technologies
added 2023/01/01 12:0 a.m.3 views

PT-2023-24655 · Salt-Ssh +3 · Salt-Ssh +3

Name of the Vulnerable Software and Affected Versions: Salt-SSH affected versions not specified Description: The issue concerns a predictable script path in the Salt-SSH pre-flight option, allowing an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and...

8.1CVSS7.2AI score0.01207EPSS
Exploits1References94
Github Security Blog
Github Security Blog
added 2022/05/24 5:33 p.m.24 views

SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi

In SaltStack the salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

9.8CVSS9.5AI score0.57453EPSS
Exploits3References15Affected Software1
OSV
OSV
added 2022/05/24 5:33 p.m.21 views

GHSA-29J3-2446-5J4W SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi

In SaltStack the salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

9.8CVSS9.7AI score0.57453EPSS
Exploits3References15
OSV
OSV
added 2022/05/17 4:58 a.m.4 views

GHSA-QR3X-V97P-42XW SaltStack insecurely uses /tmp

Unspecified vulnerability in salt-ssh in Salt aka SaltStack 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...

10CVSS6.2AI score0.01458EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 2:46 a.m.28 views

SaltStack Salt Information Exposure

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions clients...

7.8CVSS7.6AI score0.00431EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/04/25 2:41 p.m.9 views

SUSE-RU-2022:1391-1 Recommended update for salt

This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil bsc1197533 - Prevent data pollution between actions processed at the same time bsc1197637 - Fix salt-ssh opts poisoning. bsc1197637 - Clear network...

8.8CVSS6AI score0.01586EPSS
Exploits0References12
OPENSUSE Linux
OPENSUSE Linux
added 2021/07/11 12:0 a.m.57 views

Security update for salt (critical)

openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:2106-1 Rating: critical References: 1171257 1176293 1179831 1181368 1182281 1182293 1182382 1185092 1185281 1186674 ECO-3212 SLE-18028 SLE-18033 Cross-References: CVE-2018-15750 CVE-2018-15751 CVE-2020-11651...

9.8CVSS9.1AI score0.96405EPSS
Exploits29References13
OPENSUSE Linux
OPENSUSE Linux
added 2021/06/23 12:0 a.m.45 views

Security update for salt (critical)

openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:0899-1 Rating: critical References: 1171257 1176293 1179831 1181368 1182281 1182293 1182382 1185092 1185281 1186674 ECO-3212 SLE-18028 SLE-18033 Cross-References: CVE-2018-15750 CVE-2018-15751 CVE-2020-11651...

9.8CVSS9.1AI score0.96405EPSS
Exploits29References13
Rows per page
Query Builder