Lucene search
+L

38 matches found

Nuclei
Nuclei
added 6 days ago49 views

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

9.8CVSS7AI score0.99585EPSS
Exploits5References5
OpenVAS
OpenVAS
added 2024/08/09 12:0 a.m.19 views

Ubuntu: Security Advisory (USN-6948-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.99585EPSS
Exploits13References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:55 a.m.4 views

SUSE CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

9.8CVSS9.6AI score0.99585EPSS
Exploits5References24
vulnersOsv
vulnersOsv
added 2022/05/24 5:33 p.m.4 views

elita (>=0.60.0 <=0.64.1) potentially affected by CVE-2020-16846 via salt (=2014.1.10)

salt PYPI version =2014.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - elita =0.60.0, =0.64.1 Source cves: CVE-2020-16846 Source advisory: OSV:GHSA-QR38-H96J-2J3W...

9.8CVSS7.1AI score0.99585EPSS
Exploits5
Debian
Debian
added 2022/01/03 8:17 p.m.131 views

[SECURITY] [DLA 2480-2] salt regression update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2480-2 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler January 03, 2022 https://wiki.debian.org/LTS -...

9.8CVSS8.1AI score0.99585EPSS
Exploits12
GithubExploit
GithubExploit
added 2021/10/14 10:9 a.m.940 views

Exploit for OS Command Injection in Saltstack Salt

CVE-2020-16846-Saltstack-Salt-API Vulnerability Explained: An...

9.8CVSS9.3AI score0.99585EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.43 views

SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2020:14538-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14538-1 advisory. - An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can resul...

9.8CVSS7.3AI score0.99585EPSS
Exploits5References13
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2020:3243-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.99585EPSS
Exploits5References4
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.11 views

SUSE: Security Advisory (SUSE-SU-2020:3155-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.99585EPSS
Exploits5References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2020:3244-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.99585EPSS
Exploits5References15
Tenable Nessus
Tenable Nessus
added 2021/01/25 12:0 a.m.33 views

Debian DSA-4837-1 : salt - security update

Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the Salt API using the SSH...

9.8CVSS7.4AI score0.99585EPSS
Exploits5References6
Debian
Debian
added 2021/01/24 3:29 p.m.88 views

[SECURITY] [DSA 4837-1] salt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4837-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2021 https://www.debian.org/security/faq -...

7.5CVSS1.3AI score0.99585EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2020/12/07 12:0 a.m.39 views

Debian DLA-2480-2 : salt regression update

Past security updates of Salt, a remote execution manager, introduced regressions for which follow-up fixes were published : CVE 2020-16846 regression 'salt-ssh' master key initialization fails CVE 2021-3197 regression Valid parameters are discarded for the SSHClient CVE 2020-28243 follow-up...

9.8CVSS7AI score0.99585EPSS
Exploits12References8
OpenVAS
OpenVAS
added 2020/12/05 12:0 a.m.12 views

Debian: Security Advisory (DLA-2480-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.99585EPSS
Exploits5References6
Debian
Debian
added 2020/12/04 5:33 p.m.66 views

[SECURITY] [DLA 2480-1] salt security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2480-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA December 04, 2020 https://wiki.debian.org/LTS -...

9.8CVSS9.4AI score0.99585EPSS
Exploits5
Metasploit
Metasploit
added 2020/11/12 5:41 p.m.58 views

SaltStack Salt REST API Arbitrary Command Execution

This module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5,...

9.8CVSS10AI score0.99585EPSS
Exploits5
0day.today
0day.today
added 2020/11/12 12:0 a.m.123 views

SaltStack Salt REST API Arbitrary Command Execution Exploit

This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8,...

9.8CVSS9.4AI score0.99585EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.30 views

GLSA-202011-13 : Salt: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202011-13 Salt: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...

9.8CVSS7.2AI score0.99585EPSS
Exploits5References5
Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.27 views

FreeBSD : salt -- multiple vulnerabilities (50259d8b-243e-11eb-8bae-b42e99975750)

SaltStack reports multiple security vulnerabilities in Salt 3002 : - CVE-2020-16846: Prevent shell injections in netapi ssh client. - CVE-2020-17490: Prevent creating world readable private keys with the tls execution module. - CVE-2020-25592: Properly validate eauth credentials and tokens along...

9.8CVSS7.4AI score0.99585EPSS
Exploits5References5
Circl
Circl
added 2020/11/11 7:52 p.m.62 views

CVE-2020-16846

creationtimestamp| type| source ---|---|--- 2020-11-11 19:52:11+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/saltstacksaltapicmdexec.rb 2021-11-08 08:58:19+00:00| seen| MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422 2021-11-20 09:53:52+00:00| seen...

9.8CVSS7.2AI score0.99585EPSS
In wildExploits5References9
Rows per page
Query Builder