853 matches found
CVE-2017-5200
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. Mitigation: Disable salt-api for mitigation...
SaltStack Salt Information Disclosure Vulnerability
SaltStack Salt aka SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. in the United States. The tool provides configuration management, remote execution and other functions, able to manage tens of thousands of servers, with the ability to quickly complete t...
PT-2020-5856 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions through 3002 Description: The issue is related to the improper validation of eauth credentials and tokens by the salt-netapi component in SaltStack Salt. This allows a user to bypass authentication and invoke Salt SSH,...
PT-2021-5491 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to insufficient argument checking in the salt.utils.thin.gen_thin function, allowing for command injection when crafted web requests are sent to the Salt API. This is d...
PT-2021-5604 · Saltstack +2 · Saltstack Salt +2
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to errors in processing authentication requests for expired eauth tokens. This could allow a remote attacker to execute arbitrary commands, potentially against the salt...
PT-2021-5177 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to improper access restriction in SaltStack Salt, allowing a remote attacker to gain unauthorized access to restricted functions. Specifically, salt-api does not honor...
PT-2021-5498 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: An issue was discovered in SaltStack Salt where the jinja renderer does not protect against server-side template injection attacks. This could allow a remote attacker to execute arbitrary...
PT-2021-5495 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to errors in processing input data in the ssh client of the salt-api in SaltStack Salt. This can allow a remote attacker to execute arbitrary commands with elevated...
PT-2021-2235 · Saltstack +4 · Saltstack Salt +6
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to errors in the certificate authentication procedure on vCenter, vSphere, and ESXi servers. This can allow a remote attacker to perform a "man-in-the-middle" attack. T...
PT-2021-7513 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: An issue was discovered in SaltStack Salt, where the salt.wheel.pillar_roots.write method is vulnerable to directory traversal. This vulnerability is related to incorrect restriction of the...
PT-2021-16500 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: An issue was discovered in SaltStack Salt where salt.modules.cmdmod can log credentials to the info or error log level. Recommendations: For versions prior to 3002.5, update to version 3002...
PT-2021-7507 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to errors in the SSL certificate validation procedure during authentication to services using certain modules. This can allow a remote attacker to perform a...
PT-2020-5858 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions through 3002 Description: The issue is related to the TLS module within SaltStack Salt, where certificates are created with weak file permissions. This weakness can be exploited to gain access to confidential data. The...
PT-2020-5859 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions through 3002 Description: The issue is related to a lack of measures to neutralize special elements in the Salt configuration management and remote execution system. Exploitation of this issue allows a remote attacker ...
SaltStack Salt Security Bypass Vulnerability (CNVD-2016-05108)
SaltStack Salt aka SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. in the United States. The tool provides configuration management, remote execution and other functions, able to manage tens of thousands of servers, with the ability to quickly complete t...
salt -- Insecure configuration of PAM external authentication service
SaltStack reports: This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM external authentication is enabled. This issue involves passing an alternative PAM authentication service with a command that is sent to LocalClient, enabling the attacker to bypass the configured...
salt -- code execution
SaltStack reports: Improper handling of clear messages on the minion, which could result in executing commands not sent by the master...
Salt (SaltStack) modules/splunk_search.py create() certificate validation bypass vulnerability
SaltStack is a new infrastructure platform management tool. The create function in SaltStack modules/splunk_search.py fails to properly validate X.509 certificates, allowing remote attackers to forge certificates to spoof TLS/SSL servers and conduct communication interception attacks...
CVE-2014-3563
Multiple unspecified vulnerabilities in Salt aka SaltStack before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud...
PYSEC-2014-18
Multiple unspecified vulnerabilities in Salt aka SaltStack before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud...