4 matches found
SUSE-SU-2020:3244-1 Security update for Salt
This update fixes the following issues: salt: - Avoid regression on 'salt-master': set passphrase for salt-ssh keys to empty string bsc1178485 - Properly validate eauth credentials and tokens on SSH calls made by Salt API bsc1178319, bsc1178362, bsc1178361, CVE-2020-25592, CVE-2020-17490,...
SUSE-SU-2020:3243-1 Security update for salt
This update for salt fixes the following issues: - Avoid regression on 'salt-master': set passphrase for salt-ssh keys to empty string bsc1178485 - Properly validate eauth credentials and tokens on SSH calls made by Salt API bsc1178319, bsc1178362, bsc1178361, CVE-2020-25592, CVE-2020-17490,...
PYSEC-2020-106
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
SaltStack < 3002 Multiple Vulnerabilities
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - eauth is not sufficiently validated when calling Salt SSH via the salt-api. Any value for 'eauth' or 'token' will allow a user to bypass authentication a...