853 matches found
GHSA-HCJF-RP5H-G5H3 Command Injection in SaltStack Salt
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...
GHSA-PMJ6-9F8C-8G2M Saltstack Salt Unauthenticated Arbitrary Code Execution
An Incorrect Implementation of Authentication Algorithm vulnerability in SUSE Linux Enterprise Server 15 SP3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server ...
GHSA-GHC2-HX3W-JQMP SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py...
GHSA-8RP6-X3R7-5QW3 SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request...
GHSA-W2HR-3MC8-46GH SaltStack Salt eauth tokens can be used once after expiration
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run commands against the salt master or minions...
GHSA-76X4-X3P6-RPR9 SaltStack Salt Directory Traversal vulnerability
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal...
GHSA-XXW3-765M-F37P SaltStack Salt Improper Authentication vulnerability
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...
GHSA-XGMH-GFXW-2HVV SaltStack Salt Server Side Template Injection
An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks...
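The directory traversal entry above describes the vulnerability class without showing the check a file-writing API such as a "write under this root" method needs. The following is an added example of that confinement check; it is not Salt's code and says nothing about how Salt fixed the issue. The function names, the temporary directory layout and the sample paths are this example's own.

```python
"""Path-confinement check for an API that writes files under a fixed root.

Added illustration of the directory traversal class; not Salt's code.
Function names, the demo layout and the sample paths are hypothetical.
"""
from __future__ import annotations

import os
import tempfile


def resolve_under_root(root: str, relpath: str) -> str:
    """Return the absolute path that relpath names inside root, or raise
    ValueError if it would escape root.

    Both sides go through realpath, so '..' segments and symlinked directories
    that point outside root are resolved before the comparison; commonpath
    then confirms the resolved target still lies beneath the resolved root.
    String prefix checks are not enough: '/srv/pillar' is a prefix of
    '/srv/pillar-evil', which commonpath handles correctly.
    """
    root_real = os.path.realpath(root)
    if os.path.isabs(relpath):
        raise ValueError(f"absolute path not allowed: {relpath!r}")
    target = os.path.realpath(os.path.join(root_real, relpath))
    if target == root_real:
        raise ValueError("target must be a file inside root, not root itself")
    if os.path.commonpath([root_real, target]) != root_real:
        raise ValueError(f"path escapes root: {relpath!r}")
    return target


def demo() -> dict[str, bool]:
    """Build a constructed root in a temp dir (with one symlink that points
    above it) and report which sample paths the check accepts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "pillar")
        os.makedirs(os.path.join(root, "sub"))
        # A symlink inside root whose target is the parent directory.
        os.symlink(tmp, os.path.join(root, "escape"))
        samples = [
            "top.sls",               # plain file directly under root
            "sub/x.sls",             # file in an existing subdirectory
            "../evil.sls",           # classic traversal
            "sub/../../evil.sls",    # traversal hidden behind a valid prefix
            "/etc/passwd",           # absolute path
            "escape/evil.sls",       # traversal through the symlink
            ".",                     # the root directory itself
        ]
        results: dict[str, bool] = {}
        for rel in samples:
            try:
                resolve_under_root(root, rel)
                results[rel] = True
            except ValueError:
                results[rel] = False
        return results


if __name__ == "__main__":
    for path, accepted in demo().items():
        print(f"{path!r:24} {'accepted' if accepted else 'rejected'}")
```

The check is still check-then-use: a symlink created between the realpath call and the actual open is a race. For a server-side writer, follow the check by opening the parent with O_NOFOLLOW-style flags or an openat-based walk so the filesystem, not a string comparison, is the final arbiter.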
GHSA-R55W-XPH5-XVX2 SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level...
GHSA-PHHW-3WC9-8Q75 SaltStack Salt command injection via a crafted process name
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory...
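Every entry on this page states its affected range as either "before 3002.5" or "2016.9 through 3002.6", and the two phrasings have different bound semantics. The following is an added example, not code from SaltStack or the advisory database, that matches an installed version against those ranges as transcribed from the entries above; GHSA-PMJ6-9F8C-8G2M is left out because its entry gives SUSE product versions rather than a Salt version range. The function names, the OSV-style introduced/fixed/last_affected representation and the sample version strings are this example's own choices.

```python
"""Match a Salt version string against the affected ranges stated above.

Added example; not SaltStack's code and not the advisory database's.
GHSA IDs and ranges are transcribed from the entries on this page; function
names and sample versions are hypothetical.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]


def parse_salt_version(text: str) -> Version:
    """Turn '3002.5', 'salt 2019.2.8 (Fluorine)' or '3002' into a 3-int tuple.

    Salt's older date-based numbers (2016.9, 2019.2.8) and the newer scheme
    (3000, 3002.5) order correctly as integer tuples because 2019 < 3000.
    Missing components are zero-padded so '3002' compares equal to '3002.0.0'.
    """
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    if len(parts) > 3:
        raise ValueError(f"unexpected version shape: {m.group(0)!r}")
    parts += [0] * (3 - len(parts))
    return (parts[0], parts[1], parts[2])


@dataclass(frozen=True)
class Advisory:
    """One affected range. 'before X' is an exclusive `fixed` bound;
    'through X' is an inclusive `last_affected` bound."""
    ghsa: str
    summary: str
    introduced: Optional[Version] = None
    fixed: Optional[Version] = None
    last_affected: Optional[Version] = None

    def affects(self, v: Version) -> bool:
        if self.introduced is not None and v < self.introduced:
            return False
        if self.fixed is not None and v >= self.fixed:
            return False
        if self.last_affected is not None and v > self.last_affected:
            return False
        return True


FIXED_3002_5 = parse_salt_version("3002.5")

ADVISORIES: List[Advisory] = [
    Advisory("GHSA-HCJF-RP5H-G5H3", "snapper module command injection",
             introduced=parse_salt_version("2016.9"),
             last_affected=parse_salt_version("3002.6")),
    Advisory("GHSA-GHC2-HX3W-JQMP", "gen_thin command injection via salt-api", fixed=FIXED_3002_5),
    Advisory("GHSA-8RP6-X3R7-5QW3", "shell injection via ProxyCommand / ssh_options", fixed=FIXED_3002_5),
    Advisory("GHSA-W2HR-3MC8-46GH", "eauth token usable once after expiration", fixed=FIXED_3002_5),
    Advisory("GHSA-76X4-X3P6-RPR9", "pillar_roots.write directory traversal", fixed=FIXED_3002_5),
    Advisory("GHSA-XXW3-765M-F37P", "eauth not honored for wheel_async", fixed=FIXED_3002_5),
    Advisory("GHSA-XGMH-GFXW-2HVV", "jinja renderer server side template injection", fixed=FIXED_3002_5),
    Advisory("GHSA-R55W-XPH5-XVX2", "cmdmod logs credentials", fixed=FIXED_3002_5),
    Advisory("GHSA-PHHW-3WC9-8Q75", "restartcheck command injection via process name", fixed=FIXED_3002_5),
]


def affected_advisories(version_text: str) -> List[str]:
    """Return the GHSA IDs whose stated range covers the given Salt version."""
    v = parse_salt_version(version_text)
    return [a.ghsa for a in ADVISORIES if a.affects(v)]


if __name__ == "__main__":
    # Constructed sample version strings, as `salt --version` might print them.
    for sample in ("salt 2019.2.8 (Fluorine)", "3002.4", "3002.5", "3002.6", "3002.7"):
        print(f"{sample:28} -> {affected_advisories(sample)}")
```

Note the boundary behaviour the two phrasings produce: 3002.5 is clear of every "before 3002.5" entry but still inside the snapper range, which the page gives as "through 3002.6"; the page states no fixed version for that one, so the checker records only the inclusive upper bound it actually gives.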