93 matches found
SUSE-SU-2024:0507-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 Bugs fixed: - Ensur...
SUSE SLED15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:4386-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4386-1 advisory. Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixe...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : salt (SUSE-SU-2023:4388-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4388-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has...
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2023:4412-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2023:4412-1 advisory. - Update to SUSE Manager 4.3.9 Debian 12 support as client New Update Notification jscSUMA-111 Monitoring: Grafana upgraded to 9.5.8 Update 'saltkey'...
SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:4390-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4390-1 advisory. Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to...
SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:4389-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4389-1 advisory. Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to...
Fedora 37 : salt (2023-89e8f3efc5)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-89e8f3efc5 advisory. Fix for CVE-2023-34049 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:2581-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2581-1 advisory. - Update to Salt release version 3006.0 jscPED-4361 See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - A...
SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:2572-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2572-1 advisory. - Update to Salt release version 3006.0 jscPED-4361 See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - A...
PT-2023-36196 · Salt · Salt
Name of the Vulnerable Software and Affected Versions: salt versions prior to 3006.0 Description: The issue is related to several problems in the salt software, including collections Mapping issues, conflicts with dependencies, and failures due to the unavailability of the transactional update...
SUSE CVE-2013-4437
Unspecified vulnerability in salt-ssh in Salt aka SaltStack 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...
SUSE CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
PT-2023-24655 · Salt-Ssh +3 · Salt-Ssh +3
Name of the Vulnerable Software and Affected Versions: Salt-SSH affected versions not specified Description: The issue concerns a predictable script path in the Salt-SSH pre-flight option, allowing an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and...
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
In SaltStack the salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
GHSA-29J3-2446-5J4W SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
In SaltStack the salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
GHSA-QR3X-V97P-42XW SaltStack insecurely uses /tmp
Unspecified vulnerability in salt-ssh in Salt aka SaltStack 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...
SaltStack Salt Information Exposure
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions clients...
SUSE-RU-2022:1391-1 Recommended update for salt
This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil bsc1197533 - Prevent data pollution between actions processed at the same time bsc1197637 - Fix salt-ssh opts poisoning. bsc1197637 - Clear network...
Security update for salt (critical)
openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:2106-1 Rating: critical References: 1171257 1176293 1179831 1181368 1182281 1182293 1182382 1185092 1185281 1186674 ECO-3212 SLE-18028 SLE-18033 Cross-References: CVE-2018-15750 CVE-2018-15751 CVE-2020-11651...
Security update for salt (critical)
openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:0899-1 Rating: critical References: 1171257 1176293 1179831 1181368 1182281 1182293 1182382 1185092 1185281 1186674 ECO-3212 SLE-18028 SLE-18033 Cross-References: CVE-2018-15750 CVE-2018-15751 CVE-2020-11651...