45 matches found

Tenable Nessus
added 2025/09/02 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-22934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion's public key, which ca...

8.8 CVSS · 6.9 AI score · 0.0012 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/13 12:0 a.m. · 2 views

PT-2025-25392 · Saltstack +1 · Saltstack +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url, which could cause an arbitrary command to be run on the master with...

9.6 CVSS · 6.1 AI score · 0.00378 EPSS
Exploits: 0 · References: 26
CNNVD
added 2024/01/31 12:0 a.m. · 3 views

SaltStack Salt Security Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt that stems from an attacker being able to traverse a directory in order to...

7.7 CVSS · 7.2 AI score · 0.00439 EPSS
Exploits: 0 · References: 3
CNNVD
added 2023/09/05 12:0 a.m. · 6 views

SaltStack Salt Security Vulnerabilities

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3005.2 or 3006.2, which stems from the Git provider progra...

7.8 CVSS · 6.6 AI score · 0.0011 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/21 2:1 a.m. · 1 views

SUSE CVE-2021-33226

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

9.8 CVSS · 9.8 AI score · 0.04007 EPSS
Exploits: 1 · References: 3
OSV
added 2023/02/17 6:15 p.m. · 3 views

CVE-2021-33226

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

9.8 CVSS · 9.7 AI score
Exploits: 0 · References: 2
Vulnrichment
added 2023/02/17 12:0 a.m. · 3 views

CVE-2021-33226

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

9.7 AI score · 0.04007 EPSS
Exploits: 1 · References: 2
SUSE CVE
added 2023/02/15 5:38 a.m. · 3 views

SUSE CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

8.1 CVSS · 7.8 AI score · 0.01018 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 3:49 a.m. · 1 views

SUSE CVE-2021-3197

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

9.8 CVSS · 9.5 AI score · 0.09933 EPSS
Exploits: 0 · References: 32
CNNVD
added 2022/06/23 12:0 a.m. · 2 views

SaltStack Salt Security Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3002.9, prior to 3003.5, and prior to 3004.2, which stems...

8.8 CVSS · 8.3 AI score · 0.00504 EPSS
Exploits: 0 · References: 9
OSV
added 2022/05/17 4:58 a.m. · 4 views

GHSA-7WX3-VR2F-6P29 SaltStack Privilege Escalation vulnerability

The salt master in Salt aka SaltStack 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges...

8.7 CVSS · 6.7 AI score · 0.01705 EPSS
Exploits: 0 · References: 4
OSV
added 2022/05/17 4:58 a.m. · 8 views

GHSA-V89F-4MC4-H6W9 Salt has insufficient argument validation in several modules

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

8.8 CVSS · 6.6 AI score · 0.00324 EPSS
Exploits: 0 · References: 6
OSV
added 2022/03/29 5:15 p.m. · 21 views

PYSEC-2022-174

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...

8.8 CVSS · 3 AI score · 0.00016 EPSS
Exploits: 0 · References: 3
OSV
added 2022/03/29 5:15 p.m. · 0 views

UBUNTU-CVE-2022-22934

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...

8.8 CVSS · 7.4 AI score · 0.0012 EPSS
Exploits: 0 · References: 6
CNVD
added 2021/04/27 12:0 a.m. · 5 views

SaltStack Salt Elevation of Privilege Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions 2016.9 through 3002.6, which stems from a comma...

7.8 CVSS · 7.4 AI score · 0.04548 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2021/04/02 12:0 a.m. · 5 views

PT-2021-6057 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions 2016.9 through 3002.6 Description: The issue is related to a command injection vulnerability in the snapper module of SaltStack Salt, which can be exploited to achieve local privilege escalation on a minion. This can...

9.8 CVSS · 8.1 AI score · 0.94387 EPSS
Exploits: 39 · References: 216
BDU FSTEC
added 2021/03/09 12:0 a.m. · 1 views

The vulnerability of the configuration management system and remote execution capabilities of SaltStack Salt, related to errors in the certificate validation process, allows a perpetrator to carry out a “man-in-the-middle” attack.

The vulnerability of the configuration management system and the remote execution of operations in SaltStack Salt is related to errors in the certificate validation process on vCenter, vSphere, and ESXi servers. Exploiting this vulnerability allows a malicious actor to carry out a...

7.4 CVSS · 7.3 AI score · 0.00802 EPSS
Exploits: 0 · References: 7 · Affected Software: 3
GithubExploit
added 2021/02/26 12:8 p.m. · 5 views

Exploit for Improper Authentication in Saltstack Salt

CVE-2021-25281...

9.8 CVSS · 7 AI score · 0.93846 EPSS
Exploits: 6
Tenable Nessus
added 2021/02/15 12:0 a.m. · 35 views

SaltStack Unauthenticated RCE (direct check)

Binary data saltstackcve-2020-16846.nbin...

9.8 CVSS · 9.6 AI score · 0.94387 EPSS
Exploits: 5 · References: 5
The Hacker News
added 2020/05/04 4:0 a.m. · 2 views

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. Tracked as CVE-2020-11651 and CVE-2020-11652, the...

9.8 CVSS · 7.6 AI score · 0.94234 EPSS
Exploits: 24