2 matches found
SaltStack Salt <3002.5 - Auth Bypass
SaltStack Salt before 3002.5 does not honor eauth credentials for the wheelasync client, allowing attackers to remotely run any wheel modules on the master. id: CVE-2021-25281 info: name: SaltStack Salt 3002.5 - Auth Bypass author: madrobot severity: critical description: SaltStack Salt before...
CVE-2021-3148
A flaw was found in salt. Command injection using the SaltAPI, is possible due to json.dumps escaping double quotes while leaving the single quotes untouched. The highest threat from this vulnerability is to data confidentiality and integrity...