Lucene search
+L

190 matches found

AlpineLinux
AlpineLinux
added 2017/09/26 2:0 p.m.87 views

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

9CVSS8.8AI score0.03205EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2017/09/26 2:0 p.m.89 views

CVE-2017-5192

When using the localbatch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed...

8.8CVSS8.8AI score0.01681EPSS
Exploits0
OSV
OSV
added 2017/08/23 2:29 p.m.20 views

CVE-2017-12791

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID...

9.8CVSS9.2AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2017/08/23 2:29 p.m.28 views

CVE-2017-12791

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID...

9.8CVSS6.9AI score0.04629EPSS
Exploits0References5
Debian
Debian
added 2017/07/05 8:0 a.m.27 views

Security Update for salt

Al Nikolov uploaded new package for salt which fixed the following security problem: CVE-2017-8109 The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on...

7.8CVSS4.1AI score0.00434EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2017/04/25 5:59 p.m.27 views

CVE-2017-8109

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions clients...

7.8CVSS7.2AI score0.00434EPSS
Exploits0References7
OSV
OSV
added 2017/04/25 5:59 p.m.32 views

PYSEC-2017-82

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions clients...

7.8CVSS3.5AI score0.00434EPSS
Exploits0References7
Cvelist
Cvelist
added 2017/04/25 5:0 p.m.29 views

CVE-2017-8109

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions clients...

7.6AI score0.00434EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2017/02/10 8:18 a.m.22 views

CVE-2017-5192

When using the localbatch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. Mitigation Disable salt-api for mitigation...

8.8CVSS2.9AI score0.01681EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2016/11/21 12:0 a.m.6 views

PT-2020-5859 · Saltstack +3 · Saltstack Salt +3

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions through 3002 Description: The issue is related to a lack of measures to neutralize special elements in the Salt configuration management and remote execution system. Exploitation of this issue allows a remote attacker ...

9.8CVSS8AI score0.99585EPSS
Exploits40References233
Rows per page
Query Builder