54 matches found
EUVD-2004-0317
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-25281
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can...
SaltStack Salt eauth tokens can be used once after expiration
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...
GHSA-W2HR-3MC8-46GH SaltStack Salt eauth tokens can be used once after expiration
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...
GHSA-XXW3-765M-F37P SaltStack Salt Improper Authentication vulnerability
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...
GHSA-29J3-2446-5J4W SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
In SaltStack the salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
In SaltStack the salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
Authentication Bypass
salt is vulnerable to authentication bypass. The salt-netapi improperly validates eauth credentials and tokens, allowing an attacker to bypass authentication and invoke Salt SSH...
SaltStack < 3002.5 Multiple Vulnerabilities
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - The Salt-API's SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request...
Unspecified Vulnerability in SaltStack Salt (CNVD-2021-15043)
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5, which stems from the fact that eaut...
FreeBSD : salt -- multiple vulnerabilities (a1e03a3d-7be0-11eb-b392-20cf30e32f6d)
SaltStack reports multiple security vulnerabilities in Salt - CVE-2021-3197: The Salt-API's SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. - CVE-2021-25281: The Salt-API does not have eAuth credentials for the...
Insecure Session Management
salt uses insecure session management. The eauth tokens are not invalidated upon expiration, allowing usage thereafter, and these session tokens can be used to run commands against the salt master and minions...
CVE-2021-3144
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...
CVE-2021-3144
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...
UBUNTU-CVE-2021-25281
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...
CVE-2021-3144
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...
Command injection
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...
PYSEC-2021-54
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...
CVE-2021-25281
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...
CVE-2021-3144
CVE-2021-3144 affects SaltStack Salt prior to 3002.5. The vulnerability allows eauth tokens to be used once after expiration, potentially enabling an attacker to execute commands against the salt-master or minions. In exposed advisories, the impact is remote command execution with high severity, ...