12 matches found
GHSA-PJHF-VPX3-33R3 SaltStack Salt Unauthenticated Remote Code Execution
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the...
SaltStack Salt Unauthenticated Remote Code Execution
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the...
SaltStack Salt Authentication Bypass Vulnerability
SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/...
Insecure Session Management
salt uses insecure session management. The eauth tokens are not invalidated upon expiration, allowing usage thereafter, and these session tokens can be used to run commands against the salt master and minions...
UBUNTU-CVE-2021-3144
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run commands against the salt master or minions...
Account Impersonation
salt is vulnerable to an account impersonation attack. When salt-minions are compromised, they can impersonate the salt-master...
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
Design/Logic Flaw
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
PYSEC-2018-50
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...
Unauthorized Access
salt is vulnerable to unauthorized access through its minions. The vulnerability exists as the Vault minions are receiving master tokens, which can be used to access secrets, even without a matching access policy...
UBUNTU-CVE-2016-9639
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching...