SUSE CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

UBUNTU-CVE-2021-3148

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.genthin command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py...

Saltstack SaltStack Salt 注入漏洞

SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A shell injection vulnerability exists in the ssh client of the salt-api in...

UBUNTU-CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

SaltStack Salt Arbitrary Command Execution Vulnerability

SaltStack Salt a.k.a. SaltStack is an open source set of tools for managing infrastructure from the American company SaltStack. A security vulnerability exists in the Salt-api in SaltStack Salt. An attacker can exploit this vulnerability to execute arbitrary commands with the help of sshclient in...