
190 matches found

OSV
added 2021/09/08 3:15 p.m., 18 views

PYSEC-2021-346

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...

CVSS 6.4, AI score 2.6, EPSS 0.0014
Exploits 0, References 5
Debian CVE
added 2021/09/08 3:0 p.m., 25 views

CVE-2021-22004

Removed by vendor...

CVSS 6.4, AI score 7.9, EPSS 0.0014
Exploits 0
AlpineLinux
added 2021/09/08 12:0 a.m., 27 views

CVE-2021-21996

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and sourcehash URLs can gain full file system access as root on a salt minion...

CVSS 7.5, AI score 7.8, EPSS 0.02263
Exploits 0
The Hacker News
added 2021/08/23 1:27 p.m., 436 views

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linu...

CVSS 10, AI score 9.4, EPSS 0.94489
Exploits 243
Tenable Nessus
added 2021/06/28 12:0 a.m., 32 views

SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2021:14753-1)

The remote SUSE Linux SLES11 / SLESSAP11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:14753-1 advisory. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege...

CVSS 7.8, AI score 8.1, EPSS 0.04548
Exploits 1, References 11
Tenable Nessus
added 2021/06/10 12:0 a.m., 42 views

SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2020:14538-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14538-1 advisory. - An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can resul...

CVSS 9.8, AI score 7.3, EPSS 0.94387
Exploits 5, References 13
Tenable Nessus
added 2021/06/10 12:0 a.m., 59 views

SUSE SLES11 Security Update : salt (SUSE-SU-2021:14650-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14650-1 advisory. - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process...

CVSS 9.8, AI score 7.1, EPSS 0.93846
Exploits 8, References 33
CNVD
added 2021/03/05 12:0 a.m., 3 views

Unspecified Vulnerability in SaltStack Salt (CNVD-2021-15043)

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5, which stems from the fact that eaut...

CVSS 9.1, AI score 6.5, EPSS 0.05481
Exploits 0, References 1
CNVD
added 2021/03/05 12:0 a.m., 6 views

Unspecified Vulnerability in SaltStack Salt (CNVD-2021-15045)

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5 that stems from the failure to alway...

CVSS 7.4, AI score 6.6, EPSS 0.0075
Exploits 0, References 1
CNVD
added 2021/03/05 12:0 a.m., 5 views

Unspecified Vulnerability in SaltStack Salt (CNVD-2021-15044)

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5 that stems from the ability to log...

CVSS 4.4, AI score 6.6, EPSS 0.0002
Exploits 0, References 1
CNVD
added 2021/03/05 12:0 a.m., 5 views

Unspecified Vulnerability in SaltStack Salt (CNVD-2021-15046)

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5, which stems from the fact that...

CVSS 5.9, AI score 6.8, EPSS 0.00802
Exploits 0, References 1
CNVD
added 2021/03/01 12:0 a.m., 6 views

SaltStack Salt Command Injection Vulnerability (CNVD-2021-15055)

SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A command injection vulnerability exists in SaltStack Salt versions prior to Sal...

CVSS 9.8, AI score 6.9, EPSS 0.07332
Exploits 0, References 1
CNVD
added 2021/03/01 12:0 a.m., 11 views

SaltStack Salt Command Injection Vulnerability (CNVD-2021-15056)

SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A command injection vulnerability exists in the restart check for...

CVSS 7.8, AI score 6.8, EPSS 0.01408
Exploits 2, References 1
CNVD
added 2021/03/01 12:0 a.m., 8 views

SaltStack Salt shell injection vulnerability

SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A shell injection vulnerability exists in the ssh client of the salt-api in...

CVSS 9.8, AI score 6.8, EPSS 0.09933
Exploits 0, References 1
OSV
added 2021/02/27 5:15 a.m., 22 views

CVE-2021-25284

An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level...

CVSS 4.4, AI score 5.6
Exploits 0, References 10
OSV
added 2021/02/27 5:15 a.m., 21 views

CVE-2021-3197

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

CVSS 9.8, AI score 9.5
Exploits 0, References 10
NVD
added 2021/02/27 5:15 a.m., 10 views

CVE-2021-3197

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

CVSS 9.8, EPSS 0.09933
Exploits 0, References 10
NVD
added 2021/02/27 5:15 a.m., 18 views

CVE-2021-25284

An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level...

CVSS 4.4, EPSS 0.0002
Exploits 0, References 10
OSV
added 2021/02/27 5:15 a.m., 10 views

CVE-2021-3148

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.genthin command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py...

CVSS 9.8, AI score 9.7
Exploits 0, References 9
NVD
added 2021/02/27 5:15 a.m., 15 views

CVE-2020-28243

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory...

CVSS 7.8, EPSS 0.01408
Exploits 2, References 11