12 matches found

OSV
added 2022/05/24 5:16 p.m. | 32 views

GHSA-PJHF-VPX3-33R3 SaltStack Salt Unauthenticated Remote Code Execution

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the...

CVSS 9.8 | AI score 8.4 | EPSS 0.96405
Exploits: 24 | References: 13

GitHub Security Blog
added 2022/05/24 5:16 p.m. | 28 views

SaltStack Salt Unauthenticated Remote Code Execution

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the...

CVSS 9.8 | AI score 9.6 | EPSS 0.96405
Exploits: 24 | References: 13 | Affected Software: 1

CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 17 views

SaltStack Salt Authentication Bypass Vulnerability

SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/...

CVSS 9.8 | AI score 9.1 | EPSS 0.96405
In wild | Exploits: 24

Veracode
added 2021/03/01 5:52 a.m. | 23 views

Insecure Session Management

Salt uses insecure session management. The eauth tokens are not invalidated upon expiration, allowing usage thereafter, and these session tokens can be used to run commands against the salt master and minions...

CVSS 9.1 | AI score 3.3 | EPSS 0.05196
Exploits: 0 | References: 12 | Affected Software: 1

OSV
added 2021/02/27 5:15 a.m. | 2 views

UBUNTU-CVE-2021-3144

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run commands against the salt master or minions...

CVSS 9.1 | AI score 7.2 | EPSS 0.05196
Exploits: 0 | References: 4

Veracode
added 2018/04/24 2:40 a.m. | 11 views

Account Impersonation

Salt is vulnerable to an account impersonation attack. When the salt-minions get compromised, they can impersonate the salt-master...

CVSS 9.8 | AI score 6.7 | EPSS 0.014
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2018/04/23 10:29 p.m. | 11 views

CVE-2017-7893

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...

CVSS 9.8 | AI score 9.7
Exploits: 0 | References: 1

Prion
added 2018/04/23 10:29 p.m. | 15 views

Design/Logic Flaw

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...

CVSS 7.5 | AI score 9.4 | EPSS 0.014
Exploits: 0 | References: 1 | Affected Software: 1

PyPA
added 2018/04/23 10:29 p.m. | 6 views

PYSEC-2018-50

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...

CVSS 9.8 | AI score 7 | EPSS 0.014
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/04/23 10:0 p.m. | 27 views

CVE-2017-7893

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...

AI score 9.5 | EPSS 0.014
Exploits: 0 | References: 1

Veracode
added 2017/12/14 6:3 a.m. | 8 views

Unauthorized Access

Salt is vulnerable to unauthorized access through its minions. The vulnerability exists because the Vault minions receive master tokens, which can be used to access secrets, even without a matching access policy...

AI score 6.6
Exploits: 0

OSV
added 2017/02/07 5:59 p.m. | 1 views

UBUNTU-CVE-2016-9639

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching...

CVSS 9.1 | AI score 7.3 | EPSS 0.02581
Exploits: 0 | References: 3