Lucene search
+L

190 matches found

Cvelist
Cvelist
added 2022/03/29 12:0 a.m.34 views

CVE-2022-22941

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...

8.8AI score0.01315EPSS
Exploits0References4
OSV
OSV
added 2022/03/29 12:0 a.m.23 views

CVE-2022-22935

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master...

3.7CVSS4.6AI score0.01586EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/03/29 12:0 a.m.7 views

PT-2022-15744 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.8 SaltStack Salt versions prior to 3003.4 SaltStack Salt versions prior to 3004.1 Description: An issue was discovered in SaltStack Salt where job publishes and file server replies are susceptible to repl...

9.8CVSS7.4AI score0.99585EPSS
Exploits15References125
Positive Technologies
Positive Technologies
added 2022/03/29 12:0 a.m.4 views

PT-2022-15743 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.8 SaltStack Salt versions prior to 3003.4 SaltStack Salt versions prior to 3004.1 Description: An issue in SaltStack Salt allows a man-in-the-middle MiTM attacker to impersonate a master and cause a minio...

9.8CVSS7.2AI score0.99585EPSS
Exploits15References120
Debian CVE
Debian CVE
added 2022/03/29 12:0 a.m.70 views

CVE-2022-22941

Removed by vendor...

8.8CVSS7.8AI score0.01315EPSS
Exploits0
CVE
CVE
added 2022/03/29 12:0 a.m.135 views

CVE-2022-22935

The connected Nessus document for CVE-2022-22935 confirms a concrete vulnerability in SaltStack Salt prior to 3002.8, 3003.4, and 3004.1: a minion authentication denial-of-service that allows a MiTM attacker to impersonate the master and stop a minion process. No patch or remediation details are ...

4.3CVSS5.7AI score0.01586EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/29 12:0 a.m.29 views

CVE-2022-22934

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...

8.8CVSS7.2AI score0.00861EPSS
Exploits0References6
OSV
OSV
added 2022/03/29 12:0 a.m.23 views

CVE-2022-22941

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...

8.8CVSS8.9AI score0.01315EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2022/03/29 12:0 a.m.64 views

CVE-2022-22934

Removed by vendor...

8.8CVSS7.8AI score0.00861EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/03/29 12:0 a.m.57 views

CVE-2022-22936

Removed by vendor...

8.8CVSS7.8AI score0.00808EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/03/29 12:0 a.m.84 views

CVE-2022-22941

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...

8.8CVSS8.7AI score0.01315EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/03/29 12:0 a.m.83 views

CVE-2022-22934

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...

8.8CVSS8.7AI score0.00861EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/03/29 12:0 a.m.84 views

CVE-2022-22936

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...

8.8CVSS8.7AI score0.00808EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/11/19 12:0 a.m.41 views

Debian DSA-5011-1 : salt - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5011 advisory. - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allo...

9.8CVSS7.1AI score0.92312EPSS
Exploits9References29
Check Point Advisories
Check Point Advisories
added 2021/11/16 12:0 a.m.12 views

SaltStack Salt API SSH Client Command Injection (CVE-2020-16846)

A remote code execution vulnerability exists in SaltStack Salt API SSH Client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS9.5AI score0.99585EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2021/10/28 12:0 a.m.29 views

SUSE SLES11: python2-spacewalk-check / python2-spacewalk-client-setup / etc (SUSE-SU-2021:14833-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:14833-1 advisory. salt: - Exclude the full path of a download URL to prevent injection of malicious code bsc1190265 CVE-2021-21996 spacecmd: - Version 4.2.13-1 Update...

7.5CVSS7.3AI score0.03514EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2021/10/28 12:0 a.m.33 views

SUSE SLED15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2021:3556-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3556-1 advisory. - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code...

7.5CVSS7.2AI score0.03514EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2021/10/14 10:9 a.m.942 views

Exploit for OS Command Injection in Saltstack Salt

CVE-2020-16846-Saltstack-Salt-API Vulnerability Explained: An...

9.8CVSS9.3AI score0.99585EPSS
Exploits5
NVD
NVD
added 2021/09/08 3:15 p.m.14 views

CVE-2021-22004

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...

6.4CVSS0.00346EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/09/08 3:15 p.m.34 views

CVE-2021-22004

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...

6.4CVSS6.9AI score0.00346EPSS
Exploits0References2
Rows per page
Query Builder