190 matches found
EUVD-2018-0133
Malware in sbrugna...
EUVD-2022-4798
Malicious code in bioql PyPI...
PT-2025-25393 · Saltstack +1 · Saltstack Salt +1
Name of the Vulnerable Software and Affected Versions: SaltStack Salt, affected versions not specified. Description: The issue concerns a directory traversal attack in minion file cache creation. The master's default cache is vulnerable to this attack, which could be leveraged to write or overwrite...
PT-2025-25391 · Saltstack +1 · Saltstack Salt +1
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions 3007.0 and later. Description: The issue concerns an authorization bypass in the Minion event bus. An attacker with access to a minion key can craft a message to potentially execute a job on other minions...
CVE-2019-1010259
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.userchpass function from the MySQL module for Salt. The attack vector is: specially crafted...
SaltStack Salt Master Server Root Key Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...
ROS-20240409-06
A vulnerability in SaltStack Salt, a configuration management and remote execution system, arises when the server receives a number of bad packets equal to the number of worker threads: Salt then stops responding to requests until it is restarted. Exploitation of the vulnerability could...
GLSA-202310-22 : Salt: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202310-22 Salt: Multiple Vulnerabilities - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege...
SUSE SLES15 Security Update : salt (SUSE-SU-2022:2278-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2278-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allow...
CVE-2022-2282
Removed by vendor...
SUSE SLES15 Security Update : salt (SUSE-SU-2022:2159-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2159-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allow...
CVE-2022-22967
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands. This affects both local shell accounts with an...
Design/Logic Flaw
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands. This affects both local shell accounts with an...
PYSEC-2022-210
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands. This affects both local shell accounts with an...
SUSE SLES12 Security Update : salt (SUSE-SU-2022:2154-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2154-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allow...
PT-2022-3075 · Saltstack +2 · Saltstack Salt +2
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.9; SaltStack Salt versions prior to 3003.5; SaltStack Salt versions prior to 3004.2. Description: An issue was discovered in SaltStack Salt where PAM auth fails to reject locked accounts. This allows a...
CVE-2022-22967
Removed by vendor...
Improper Authentication in SaltStack Salt
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...