853 matches found
CVE-2018-15751
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-apinetapi...
salt -- multiple vulnerabilities
SaltStack reports: Remote command execution and incorrect access control when using salt-api. Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events...
CloudBees Jenkins SaltStack Plugin Information Disclosure Vulnerability
CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks . SaltStack Plugin is used in one of the automated...
Design/Logic Flaw
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins...
CVE-2018-1999027
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins...
CVE-2018-1999027
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins...
CVE-2018-1999027
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins...
CVE-2018-1999027
The CVE-2018-1999027 entry concerns a sensitive-information disclosure in the Jenkins SaltStack Plugin (versions 3.1.6 and earlier) through SaltAPIBuilder.java and SaltAPIStep.java, allowing an attacker to capture credentials stored in Jenkins via a known credentials ID. Technical root cause incl...
CVE-2018-1999027
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins...
SaltStack Salt Spoofing Vulnerability
SaltStack Salt aka SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. in the United States. The tool provides configuration management, remote execution and other functions , able to manage tens of thousands of servers , with the ability to quickly complete t...
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
PYSEC-2018-50
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
UBUNTU-CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
Design/Logic Flaw
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
CVE-2017-7893
Removed by vendor...
CVE-2017-7893
Affected product: SaltStack Salt up to version 2016.3.6. Issue: compromised salt-minions can impersonate the salt-master, enabling impersonation of the master and potential leakage or manipulation of configurations. Impact: per NVD metrics, base CVSSv3 of 9.8 (CRITICAL) with network attack, low c...