Lucene search
K

4 matches found

OSV
OSV
added 2020/11/06 3:58 p.m.7 views

SUSE-SU-2020:3244-1 Security update for Salt

This update fixes the following issues: salt: - Avoid regression on 'salt-master': set passphrase for salt-ssh keys to empty string bsc1178485 - Properly validate eauth credentials and tokens on SSH calls made by Salt API bsc1178319, bsc1178362, bsc1178361, CVE-2020-25592, CVE-2020-17490,...

9.8CVSS7.4AI score0.99585EPSS
Exploits5References14
OSV
OSV
added 2020/11/06 3:57 p.m.7 views

SUSE-SU-2020:3243-1 Security update for salt

This update for salt fixes the following issues: - Avoid regression on 'salt-master': set passphrase for salt-ssh keys to empty string bsc1178485 - Properly validate eauth credentials and tokens on SSH calls made by Salt API bsc1178319, bsc1178362, bsc1178361, CVE-2020-25592, CVE-2020-17490,...

9.8CVSS7.4AI score0.99585EPSS
Exploits5References14
OSV
OSV
added 2020/11/06 8:15 a.m.26 views

PYSEC-2020-106

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

9.8CVSS3.2AI score0.57453EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2020/11/06 12:0 a.m.47 views

SaltStack < 3002 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - eauth is not sufficiently validated when calling Salt SSH via the salt-api. Any value for 'eauth' or 'token' will allow a user to bypass authentication a...

9.8CVSS8AI score0.99585EPSS
Exploits5References5
Rows per page
Query Builder