13 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-31607
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion...
elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22967 via salt (>=2014.1.10 <=3001.8.0)
salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22967 Source advisory: OSV:GHSA-FPXM-FPRW-6HXJ...
Vulnerability remedied in Salt
Salt Project has fixed a vulnerability in Salt. A malicious person who has a locked user account can still perform actions under the privileges of this account. Systems are vulnerable only when PAM authentication is used. Salt Project has released updates to fix the vulnerability in Salt 3002.9,...
UBUNTU-CVE-2022-22967
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands when their account is locked. This affects both local shell accounts with an...
elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2021-25315 via salt (>=2014.1.10 <=3001.8.0)
salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2021-25315 Source advisory: OSV:GHSA-PMJ6-9F8C-8G2M...
GHSA-V2RP-9CPJ-PFW2 Salt Insecure configuration of PAM external authentication service
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient...
elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22936 via salt (>=2014.1.10 <=3001.8.0)
salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22936 Source advisory: OSV:PYSEC-2022-173...
SaltStack Salt authorization issue vulnerability
SaltStack Salt is a set of open source tools from SaltStack for managing infrastructure. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions 3002.8, 3003.4, and 3004.1, which originates fr...
slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2021-31607 via salt (>=2019.2.8 <=3001.8.0)
salt PYPI version =2019.2.8, =2020.1.1, =2020.9.0 Source cves: CVE-2021-31607 Source advisory: OSV:PYSEC-2021-56...
CVE-2021-25315
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior t...
Salt win_useradd, salt-cloud and Linode driver information disclosure vulnerabilities
Salt, also known as SaltStack, is a set of open source tools for managing infrastructure from SaltStack, Inc. winuseradd is one of the user creation components; salt-cloud is a virtual machine configuration component; the Linode driver is a server driver. A security vulnerability exists in winuseradd, salt-cloud, an...
PYSEC-2017-71
winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...
PT-2020-5856 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions through 3002 Description: The issue is related to the improper validation of eauth credentials and tokens by the salt-netapi component in SaltStack Salt. This allows a user to bypass authentication and invoke Salt SSH,...