CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5 that stems from the ability to log...

4.4CVSS6.8AI score0.0002EPSS

Exploits0References22

Zero Day Initiative•added 2020/11/24 12:0 a.m.•31 views

SaltStack Salt rest_cherrypy tgt Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SaltStack Salt. Authentication is not required to exploit this vulnerability. The specific flaw exists within the restcherrypy module. When parsing the tgt parameter, the process does not properly...

7.3CVSS4.7AI score0.94387EPSS

Exploits5References1

Debian CVE•added 2020/11/06 7:29 a.m.•36 views

CVE-2020-17490

Removed by vendor...

5.5CVSS7.5AI score0.00046EPSS

Exploits0

UbuntuCve•added 2020/11/06 12:0 a.m.•31 views

CVE-2020-25592

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

9.8CVSS7.2AI score0.44938EPSS

Exploits3References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by