853 matches found
GHSA-7WX3-VR2F-6P29 SaltStack Privilege Escalation vulnerability
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges...
GHSA-JMV9-5GX8-7XPF Minion identity not validated in saltstack
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key...
GHSA-QR3X-V97P-42XW SaltStack insecurely uses /tmp
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...
GHSA-F22J-37JJ-CXW9 SaltStack MITM SSH attack in salt-ssh
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack...
GHSA-V89F-4MC4-H6W9 Salt has insufficient argument validation in several modules
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
GHSA-92PW-MFF9-JQGM Salt improper handling of tmp files
modules/serverdensitydevice.py in SaltStack before 2014.7.4 does not properly handle files in /tmp...
GHSA-6GRP-75PQ-C8CJ SaltStack has insecure /tmp file handling in salt/modules/chef.py
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp...
GHSA-XCX4-5WQ7-G5G7 SaltStack Salt Information Exposure
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients)...
GHSA-MFR3-9CJ8-H2QM SaltStack Salt Insecure Temporary File Creation
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud...
GHSA-XXVJ-8G5M-4QGW SaltStack Salt Directory traversal vulnerability in minion id validation
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID...