
853 matches found

PyPA
added 2021/04/23 6:15 a.m. · 4 views

PYSEC-2021-56

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

CVSS 7.8 · AI score 7.6 · EPSS 0.04548
Exploits: 1 · References: 3 · Affected Software: 1
AlpineLinux
added 2021/04/23 12:0 a.m. · 33 views

CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

CVSS 7.8 · AI score 8.1 · EPSS 0.04548
Exploits: 1
Debian CVE
added 2021/04/23 12:0 a.m. · 24 views

CVE-2021-31607

Removed by vendor...

CVSS 7.8 · AI score 8.7 · EPSS 0.04548
Exploits: 1
CVE
added 2021/04/23 12:0 a.m. · 286 views

CVE-2021-31607

CVE-2021-31607 affects SaltStack Salt 2016.9 through 3002.6, via a command injection in the snapper module that enables local privilege escalation on a minion. The attack requires creation of a file with a path backed up by snapper, followed by the master invoking snapper.diff, which executes pop...

CVSS 7.8 · AI score 7.8 · EPSS 0.04548
Exploits: 1 · References: 8 · Affected Software: 1
Cvelist
added 2021/04/23 12:0 a.m. · 21 views

CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

AI score 8.2 · EPSS 0.04548
Exploits: 1 · References: 8
CNNVD
added 2021/04/23 12:0 a.m. · 1 views

SaltStack Salt OS Command Injection Vulnerability

Saltstack SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions 2016.9 through 3002.6, which stems from a comma...

CVSS 7.8 · AI score 5.7 · EPSS 0.04548
Exploits: 1 · References: 17
Tenable Nessus
added 2021/04/16 12:0 a.m. · 16 views

SaltStack Salt Minion Installed (Linux)

Binary data saltstacksaltminionlinuxinstalled.nbin...

AI score 7.3
Exploits: 0 · References: 2
Rapid7 Blog
added 2021/04/02 7:49 p.m. · 119 views

Metasploit Wrap-Up

Sprinkle on the Modules: The first quarter of 2021 has given us wave after wave of Exchange vulnerabilities, and while our awesome contributors helped us continue coverage with another Exchange module we were able to add to Metasploit, we also added modules covering very heavy-hitting...

CVSS 10 · AI score 0.9 · EPSS 0.94485
Exploits: 39
Positive Technologies
added 2021/04/02 12:0 a.m. · 4 views

PT-2021-6057 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions 2016.9 through 3002.6 Description: The issue is related to a command injection vulnerability in the snapper module of SaltStack Salt, which can be exploited to achieve local privilege escalation on a minion. This can...

CVSS 9.8 · AI score 8.1 · EPSS 0.94387
Exploits: 39 · References: 216
0day.today
added 2021/04/02 12:0 a.m. · 64 views

SaltStack Salt API Unauthenticated Remote Command Execution Exploit

This Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the...

CVSS 9.8 · AI score 9.5 · EPSS 0.93846
Exploits: 6
Metasploit
added 2021/04/01 5:42 p.m. · 53 views

SaltStack Salt API Unauthenticated RCE through wheel_async client

This module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the grains on t...

CVSS 9.8 · AI score 9.7 · EPSS 0.93846
Exploits: 6
Packet Storm
added 2021/04/01 12:0 a.m. · 942 views

SaltStack Salt API Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt API Unauthenticated RCE through wheel_async client', 'Description' = %q This module leverages an authentication bypass and director...

CVSS 7.5 · AI score 0.5 · EPSS 0.93846
Exploits: 6
Tenable Nessus
added 2021/03/25 12:0 a.m. · 56 views

SaltStack < 3002.5 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - The Salt-API’s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request...

CVSS 9.8 · AI score 7.2 · EPSS 0.93846
Exploits: 8 · References: 11
CNVD
added 2021/03/05 12:0 a.m. · 3 views

Unspecified Vulnerability in SaltStack Salt (CNVD-2021-15043)

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5, which stems from the fact that eaut...

CVSS 9.1 · AI score 6.5 · EPSS 0.05481
Exploits: 0 · References: 1
CNVD
added 2021/03/05 12:0 a.m. · 6 views

Unspecified Vulnerability in SaltStack Salt (CNVD-2021-15045)

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5 that stems from the failure to alway...

CVSS 7.4 · AI score 6.6 · EPSS 0.0075
Exploits: 0 · References: 1
CNVD
added 2021/03/05 12:0 a.m. · 5 views

Unspecified Vulnerability in SaltStack Salt (CNVD-2021-15046)

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5, which stems from the fact that...

CVSS 5.9 · AI score 6.8 · EPSS 0.00802
Exploits: 0 · References: 1
CNVD
added 2021/03/05 12:0 a.m. · 5 views

Unspecified Vulnerability in SaltStack Salt (CNVD-2021-15044)

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5 that stems from the ability to log...

CVSS 4.4 · AI score 6.6 · EPSS 0.0002
Exploits: 0 · References: 1
Tenable Nessus
added 2021/03/03 12:0 a.m. · 45 views

FreeBSD : salt -- multiple vulnerabilities (a1e03a3d-7be0-11eb-b392-20cf30e32f6d)

SaltStack reports multiple security vulnerabilities in Salt - CVE-2021-3197: The Salt-API's SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. - CVE-2021-25281: The Salt-API does not have eAuth credentials for the...

CVSS 9.8 · AI score 7.1 · EPSS 0.93846
Exploits: 8 · References: 12
CNVD
added 2021/03/01 12:0 a.m. · 6 views

SaltStack Salt Command Injection Vulnerability (CNVD-2021-15055)

SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A command injection vulnerability exists in SaltStack Salt versions prior to Sal...

CVSS 9.8 · AI score 6.9 · EPSS 0.07332
Exploits: 0 · References: 1
CNVD
added 2021/03/01 12:0 a.m. · 11 views

SaltStack Salt Command Injection Vulnerability (CNVD-2021-15056)

SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A command injection vulnerability exists in the restart check for...

CVSS 7.8 · AI score 6.8 · EPSS 0.01408
Exploits: 2 · References: 1