853 matches found
salt -- multiple vulnerabilities
SaltStack reports multiple security vulnerabilities in Salt CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request. CVE-2021-25281: The Salt-API does not have eAuth credentials for the...
PT-2021-2354 · Suse +3 · Suse Linux Enterprise Server +4
Name of the Vulnerable Software and Affected Versions: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3 openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions Description: The issue is related to an improper authentication algorithm implementation in SaltStack Salt,...
SaltStack Unauthenticated RCE (direct check)
Binary data saltstackcve-2020-16846.nbin...
Exploit for Path Traversal in Saltstack Salt
SaltStack-Exp CVE-2020-11651 CVE-2020-11652 Exec-Master:...
Exploit for Command Injection in Saltstack Salt
CVE-2020-28243 A command injection vulnerability in SaltStack...
SaltStack Salt rest_cherrypy ssh_priv Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the restcherrypy module. When parsing the sshpriv parameter, the process does not properl...
SaltStack Salt rest_cherrypy ssh_remote_port_forwards Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the restcherrypy module. When parsing the sshremoteportforwards parameter, the process do...
SaltStack Salt rest_cherrypy tgt Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the restcherrypy module. When parsing the tgt parameter, the process does not properly...
SaltStack Salt rest_cherrypy ssh_port Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the restcherrypy module. When parsing the sshport parameter, the process does not properl...
SaltStack Salt rest_cherrypy ssh_options Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the restcherrypy module. When parsing the sshoptions parameter, the process does not...
Metasploit Wrap-Up
SaltStack RCE wvu-r7 added an exploit module that targets SaltStack’s Salt software. Specifically, the module exploits both an authentication bypass CVE-2020-25592 and a command injection vulnerability CVE-2020-16846 in SaltStack’s REST API to get code execution as root through Salt’s SSH client ...
SaltStack Salt REST API Arbitrary Command Execution
This module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5,...
SaltStack Salt REST API Arbitrary Command Execution Exploit
This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8,...
FreeBSD : salt -- multiple vulnerabilities (50259d8b-243e-11eb-8bae-b42e99975750)
SaltStack reports multiple security vulnerabilities in Salt 3002 : - CVE-2020-16846: Prevent shell injections in netapi ssh client. - CVE-2020-17490: Prevent creating world readable private keys with the tls execution module. - CVE-2020-25592: Properly validate eauth credentials and tokens along...
SaltStack Salt REST API Arbitrary Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt REST API Arbitrary Command Execution', 'Description' = %q This module exploits an authentication bypass and command injection in...
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
What’s up? We start the November critical vulnerability season with a pair of CVEs—CVE-2020-16846 and CVE-2020-25592—that, when combined, can result in unauthenticated remote root access on a target system. SaltStack developers disclosed these weaknesses on Nov. 3, 2020 and have released patches...
SaltStack API Authorization Issues Vulnerability
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and more. An operating system command injection vulnerability exists in the APIs in SaltStack Salt, which can be exploited by an attacker to bypas...
SaltStack Salt API Unauthorized Access Vulnerability
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. A security vulnerability exists in the SaltStack Salt API, which can be exploited by a remote attacker to submit a special request that can be used to gain unauthorized access to an application...
SaltStack Salt API Arbitrary Code Execution Vulnerability
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. An input validation vulnerability exists in the SaltStack Salt API that can be exploited by a remote attacker to submit a special request for unauthorized access to arbitrary code...
CVE-2020-17490
A flaw was found in Salt. The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. The highest threat from this vulnerability is to confidentiality...