11 matches found
SUSE CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
SUSE-SU-2022:2144-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: inter-server-sync: - version 0.2.2 Parameter --channel-with-children didn't export data bsc1199089 Clean rhnchannelcloned table to rebuild hierarchy bsc1197400 - Version 0.2.1 Correct sequence in use for table rhnpackagekey bsc1197400 Make Docker image expor...
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
In SaltStack the salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
Authentication Bypass
salt is vulnerable to authentication bypass. The salt-netapi improperly validates eauth credentials and tokens, allowing an attacker to bypass authentication and invoke Salt SSH...
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
CVE-2020-8028 salt-api is accessible to every user on SUSE Manager Server
An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system...
[ASA-202001-7] salt: arbitrary command execution
Arch Linux Security Advisory ASA-202001-7. Severity: Medium; Date: 2020-01-29; CVE-ID: CVE-2019-17361; Package: salt; Type: arbitrary command execution; Remote: Yes; Link: https://security.archlinux.org/AVG-1087. Summary: The package salt before...
SUSE-RU-2019:1703-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: cobbler: - Removes string replace for textmode fix bsc1134195 py26-compat-salt: - Avoid syntax error on yumpkg module running on Python 2.6 bsc1136250 - Use ThreadPool from multiprocessing.pool to avoid leakings when calculating FQDNs - Fix usermod options f...
SUSE-SU-2019:1703-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: cobbler: - Removes string replace for textmode fix bsc1134195 py26-compat-salt: - Avoid syntax error on yumpkg module running on Python 2.6 bsc1136250 - Use ThreadPool from multiprocessing.pool to avoid leakings when calculating FQDNs - Fix usermod options f...
SUSE-RU-2018:4018-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: apache-mybatis: - Install missing LICENSE.txt file bsc1114814 cobbler: - Fix service restart after logrotate for cobblerd bsc1113747 - Rotate cobbler logs at higher frequency to prevent disk fillup bsc1113747 hadoop: - Install missing LICENSE.txt file...
PT-2020-5856 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions through 3002 Description: The issue is related to the improper validation of eauth credentials and tokens by the salt-netapi component in SaltStack Salt. This allows a user to bypass authentication and invoke Salt SSH,...