
853 matches found

Tenable Nessus
added 2025/09/02 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-3197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, ...

CVSS 9.8 · AI score 7.2 · EPSS 0.09933
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-25283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks...

CVSS 9.8 · AI score 7.2 · EPSS 0.10038
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-22941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user...

CVSS 8.8 · AI score 6.8 · EPSS 0.00016
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-3144

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run commands against the salt master or minions...

CVSS 9.1 · AI score 8.1 · EPSS 0.05481
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2020-25592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

CVSS 9.8 · AI score 8.1 · EPSS 0.44938
Exploits: 3 · References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-35662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. CVE-2020-35662 Note that...

CVSS 7.4 · AI score 7.1 · EPSS 0.0075
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-7893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. CVE-2017-7893 Note that Nessus relies on the presence of the packag...

CVSS 9.8 · AI score 8.2 · EPSS 0.00468
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 0 views

Linux Distros Unpatched Vulnerability : CVE-2020-28972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers in the vmware.py files does not always validate the SSL/TLS...

CVSS 5.9 · AI score 6.8 · EPSS 0.00802
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-22936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks,...

CVSS 8.8 · AI score 6.8 · EPSS 0.00107
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2021-25281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can...

CVSS 9.8 · AI score 7.2 · EPSS 0.93846
Exploits: 5 · References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-22934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion's public key, which ca...

CVSS 8.8 · AI score 6.9 · EPSS 0.0012
Exploits: 0 · References: 2

Tenable Nessus
added 2025/06/19 12:0 a.m. · 4 views

SaltStack 3000 < 3006.12 / 3007 < 3007.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities, including the following: - Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory...

CVSS 9.6 · AI score 7.2 · EPSS 0.00378
Exploits: 0 · References: 13

Positive Technologies
added 2025/06/13 12:0 a.m. · 2 views

PT-2025-25393 · Saltstack +1 · Saltstack Salt +1

Name of the Vulnerable Software and Affected Versions: SaltStack Salt affected versions not specified Description: The issue concerns a directory traversal attack in minion file cache creation. The master's default cache is vulnerable to this attack, which could be leveraged to write or overwrite...

CVSS 9.6 · AI score 5.8 · EPSS 0.00378
Exploits: 0 · References: 27

Positive Technologies
added 2025/06/13 12:0 a.m. · 2 views

PT-2025-25391 · Saltstack +1 · Saltstack Salt +1

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions 3007.0 and later Description: The issue concerns an authorization bypass in the Minion event bus. An attacker with access to a minion key can craft a message to potentially execute a job on other minions...

CVSS 9.6 · AI score 6.3 · EPSS 0.00378
Exploits: 0 · References: 26

Positive Technologies
added 2025/06/13 12:0 a.m. · 1 views

PT-2025-25392 · Saltstack +1 · Saltstack +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url, which could cause an arbitrary command to be run on the master with...

CVSS 9.6 · AI score 6.1 · EPSS 0.00378
Exploits: 0 · References: 26

RedhatCVE
added 2025/05/22 11:33 a.m. · 4 views

CVE-2018-1999027

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins...

CVSS 7.5 · AI score 6.1 · EPSS 0.00062
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 11:15 a.m. · 6 views

CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

CVSS 8.1 · AI score 6.9 · EPSS 0.01018
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:10 a.m. · 4 views

CVE-2019-1010259

SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted...

CVSS 9.8 · AI score 7.7 · EPSS 0.00363
Exploits: 1 · References: 1

Packet Storm
added 2024/08/31 12:0 a.m. · 252 views

SaltStack Salt Master Server Root Key Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...

CVSS 9.8 · AI score 7.4 · EPSS 0.94234
Exploits: 24

OSV
added 2024/06/27 9:30 a.m. · 14 views

GHSA-Q27C-J6J9-53W3 Directory creation by malicious user in saltstack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

CVSS 5 · AI score 5.8 · EPSS 0.0058
Exploits: 0 · References: 4