
853 matches found

OSV
added 2024/06/27 9:30 a.m. | 12 views

GHSA-2QW3-2WV6-P64X Path traversal in saltstack

A specially crafted URL can be created which leads to a directory traversal in the Salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

7.7 CVSS | 7.2 AI score | 0.00439 EPSS
Exploits: 0 | References: 4

Github Security Blog
added 2024/06/27 9:30 a.m. | 22 views

Path traversal in saltstack

A specially crafted URL can be created which leads to a directory traversal in the Salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

7.7 CVSS | 6.6 AI score | 0.00439 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2024/06/27 9:30 a.m. | 16 views

Directory creation by malicious user in saltstack

Syndic cache directory creation is vulnerable to a directory traversal attack in the Salt project, which can allow a malicious attacker to create an arbitrary directory on a Salt master...

5 CVSS | 6.6 AI score | 0.0058 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

The Hacker News
added 2024/05/17 5:20 p.m. | 15 views

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities into its exploit arsenal to expand its botnet. The findings come from cloud security firm Aqua, which...

7.4 AI score
Exploits: 0

Veracode
added 2024/05/06 6:27 a.m. | 13 views

Improper Authentication

Salt aka SaltStack is vulnerable to Improper Authentication. The vulnerability is due to a lack of authentication during routine execution, allowing authenticated users with certain privileges to bypass restrictions by nesting restricted routines within other routines...

6 CVSS | 6.7 AI score | 0.00324 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Redos
added 2024/04/09 12:00 a.m. | 34 views

ROS-20240409-06

A vulnerability in SaltStack Salt, a configuration management and remote execution system: after the server receives a number of bad packets equal to the number of worker threads, Salt stops responding to return requests until it is restarted. Exploitation of the vulnerability could...

7.8 CVSS | 7.8 AI score | 0.06469 EPSS
Exploits: 1

Tenable Nessus
added 2024/02/22 12:00 a.m. | 42 views

SaltStack 3000 < 3005.5 / 3006 < 3006.6 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities:
- Syndic cache directory creation is vulnerable to a directory traversal attack. (CVE-2024-22231)
- A specially crafted URL can be created which leads to a...

7.7 CVSS | 6.2 AI score | 0.0058 EPSS
Exploits: 0 | References: 3

CNNVD
added 2024/01/31 12:00 a.m. | 1 view

SaltStack Salt Security Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt that stems from an attacker being able to traverse a directory in order to...

5 CVSS | 6 AI score | 0.0058 EPSS
Exploits: 0 | References: 3

CNNVD
added 2024/01/31 12:00 a.m. | 2 views

SaltStack Salt Security Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt that stems from an attacker being able to traverse a directory in order to...

7.7 CVSS | 7.2 AI score | 0.00439 EPSS
Exploits: 0 | References: 3

Packet Storm
added 2024/01/24 12:00 a.m. | 297 views

Saltstack Minion Payload Deployer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Saltstack Minion Payload Deployer', 'Description' = %q This exploit module uses saltstack salt to deploy a payload and run it on all targets whic...

7.4 AI score
Exploits: 0

0day.today
added 2024/01/24 12:00 a.m. | 304 views

Saltstack Minion Payload Deployer Exploit

This Metasploit exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected (default all). Currently only works against nix targets. This module requires Metasploit: https://metasploit.com/download Current source:...

7.4 AI score
Exploits: 0

Metasploit
added 2024/01/23 7:49 p.m. | 167 views

Saltstack Minion Payload Deployer

This exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected (default all). Currently only works against nix targets. Module Options: msf > use exploit/linux/local/saltstack_salt_minion_deployer msf exploit(saltstack_salt_minion_deployer) > show targets...

7.1 AI score
Exploits: 0

GithubExploit
added 2024/01/17 4:15 a.m. | 34 views

Exploit for Path Traversal in Saltstack Salt

CVE-2020-11652-CVE-2020-11652-POC This is a fix POC CVE-2020-...

9.8 CVSS | 8.9 AI score | 0.94234 EPSS
Exploits: 24

Tenable Nessus
added 2023/11/15 12:00 a.m. | 25 views

SaltStack 3000 < 3005.4 / 3006 < 3006.4 Security Bypass

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by a security bypass vulnerability. The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script...

6.7 CVSS | 7.2 AI score | 0.0006 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2023/10/31 12:00 a.m. | 27 views

GLSA-202310-22 : Salt: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202310-22 Salt: Multiple Vulnerabilities - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege...

9.8 CVSS | 7.4 AI score | 0.93846 EPSS
Exploits: 9 | References: 22

Tenable Nessus
added 2023/10/06 12:00 a.m. | 36 views

SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests...

7.8 CVSS | 6.4 AI score | 0.00175 EPSS
Exploits: 0 | References: 3

CNNVD
added 2023/09/05 12:00 a.m. | 2 views

SaltStack Salt Security Vulnerabilities

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3005.2 or 3006.2, which stems from the Git provider progra...

7.8 CVSS | 6.6 AI score | 0.0011 EPSS
Exploits: 0 | References: 3

CNNVD
added 2023/09/05 12:00 a.m. | 0 views

SaltStack Salt Security Vulnerabilities

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3005.2 or 3006.2, which stems from the fact that after...

5.3 CVSS | 6.8 AI score | 0.00175 EPSS
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/21 2:01 a.m. | 1 view

SUSE CVE-2021-33226

A buffer overflow vulnerability in SaltStack v.3003 and before allows an attacker to execute arbitrary code via the func variable in the salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

9.8 CVSS | 9.8 AI score | 0.04007 EPSS
Exploits: 1 | References: 3

NVD
added 2023/02/17 6:15 p.m. | 9 views

CVE-2021-33226

A buffer overflow vulnerability in SaltStack v.3003 and before allows an attacker to execute arbitrary code via the func variable in the salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

9.8 CVSS | 9.7 AI score | 0.04007 EPSS
Exploits: 1 | References: 2