21 matches found
GHSA-XXW3-765M-F37P SaltStack Salt Improper Authentication vulnerability
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...
GHSA-29J3-2446-5J4W SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
In SaltStack the salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
In SaltStack the salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
Authentication Bypass
salt is vulnerable to authentication bypass. The salt-netapi improperly validates eauth credentials and tokens, allowing an attacker to bypass authentication and invoke Salt SSH...
UBUNTU-CVE-2021-25281
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...
CVE-2021-25281
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...
CVE-2021-25281
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...
CVE-2021-25281
Removed by vendor...
SaltStack Salt Authorization Issues Vulnerability
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. An authorization issue vulnerability exists in SaltStack Salt versions prior to Salt 3002.5, which stems from the fa...
salt -- multiple vulnerabilities
SaltStack reports multiple security vulnerabilities in Salt CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request. CVE-2021-25281: The Salt-API does not have eAuth credentials for the...
SUSE SLES15 Security Update : Salt (SUSE-SU-2020:3244-1)
This update fixes the following issues : salt : Avoid regression on 'salt-master': set passphrase for salt-ssh keys to empty string bsc1178485 Properly validate eauth credentials and tokens on SSH calls made by Salt API bsc1178319, bsc1178362, bsc1178361, CVE-2020-25592, CVE-2020-17490,...
FreeBSD : salt -- multiple vulnerabilities (50259d8b-243e-11eb-8bae-b42e99975750)
SaltStack reports multiple security vulnerabilities in Salt 3002 : - CVE-2020-16846: Prevent shell injections in netapi ssh client. - CVE-2020-17490: Prevent creating world readable private keys with the tls execution module. - CVE-2020-25592: Properly validate eauth credentials and tokens along...
SUSE-SU-2020:3251-1 Security update for SUSE Manager 3.2
This security update for SUSE Manager 3.2 fixes the following issues: py26-compat-salt: - Properly validate eauth credentials and tokens on SSH calls made by Salt API bsc1178319, bsc1178362, bsc1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846 spacewalk-java: - Use correct eauth module and...
SUSE-SU-2020:3250-1 Security update for SUSE Manager 4.0
This security update for SUSE Manager 4.0 provides the following fixes: py26-compat-salt: - Properly validate eauth credentials and tokens on SSH calls made by Salt API bsc1178319, bsc1178362, bsc1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846 spacewalk-java: - Use correct eauth module an...
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
UBUNTU-CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
CVE-2020-25592
Removed by vendor...
SUSE-SU-2020:3155-1 Security update for salt
This update for salt fixes the following issues: - Properly validate eauth credentials and tokens on SSH calls made by Salt API bsc1178319, bsc1178362, bsc1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846 - Fix disk.blkid to avoid unexpected keyword argument 'pubuser'. bsc1177867 - Ensure...