
260 matches found

Debian CVE
added 2021/02/27 12:00 a.m., 23 views

CVE-2021-3197

Removed by vendor...

CVSS 9.8, AI score 9.2, EPSS 0.09933
Exploits 0

OSV
added 2021/02/26 3:23 p.m., 7 views

OPENSUSE-SU-2021:0347-1 Security update for salt

This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd bsc1182740 - Allow extrafilerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple for security issues CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-31...

CVSS 9.8, AI score 6.9, EPSS 0.93846
Exploits 8, References 23

OSV
added 2021/02/26 10:12 a.m., 9 views

SUSE-SU-2021:0631-1 Security update for salt

This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd bsc1182740 - Allow extrafilerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple for security issues CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-31...

CVSS 9.8, AI score 7.1, EPSS 0.93846
Exploits 8, References 23

OSV
added 2021/02/26 10:12 a.m., 7 views

SUSE-SU-2021:0630-1 Security update for salt

This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd bsc1182740 - Allow extrafilerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple for security issues CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-31...

CVSS 9.8, AI score 7.1, EPSS 0.93846
Exploits 8, References 23

OSV
added 2021/02/26 10:11 a.m., 6 views

SUSE-SU-2021:14650-1 Security update for salt

This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd bsc1182740 - Allow extrafilerefs as sanitized kwargs for SSH client - Fix for multiple for security issues CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-2528...

CVSS 9.8, AI score 7.2, EPSS 0.93846
Exploits 8, References 23

OSV
added 2021/02/26 10:11 a.m., 7 views

SUSE-SU-2021:0627-1 Security update for salt

This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd bsc1182740 - Allow extrafilerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple for security issues CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-31...

CVSS 9.8, AI score 7.1, EPSS 0.93846
Exploits 8, References 23

OSV
added 2021/02/26 10:11 a.m., 9 views

SUSE-SU-2021:0626-1 Security update for py26-compat-salt

This update for py26-compat-salt fixes the following issues: - Allow extrafilerefs as sanitized kwargs for SSH client - Fix for multiple for security issues CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284...

CVSS 9.8, AI score 7.1, EPSS 0.93846
Exploits 8, References 23

OSV
added 2021/02/26 10:11 a.m., 8 views

SUSE-SU-2021:0624-1 Security update for py26-compat-salt

This update for py26-compat-salt fixes the following issues: - Allow extrafilerefs as sanitized kwargs for SSH client - Fix for multiple for security issues CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284...

CVSS 9.8, AI score 7.1, EPSS 0.93846
Exploits 8, References 23

OPENSUSE Linux
added 2021/02/26 12:00 a.m., 25 views

Security update for salt (critical)

openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:0347-1 Rating: critical References: 1181550 1181556 1181557 1181558 1181559 1181560 1181561 1181562 1181563 1181564 1181565 1182740 Cross-References: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281...

CVSS 9.8, AI score 8.8, EPSS 0.93846
Exploits 8, References 12

Debian
added 2021/01/24 3:29 p.m., 85 views

[SECURITY] [DSA 4837-1] salt security update

Debian Security Advisory DSA-4837-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2021 https://www.debian.org/security/faq -...

CVSS 9.8, AI score 9.2, EPSS 0.94387
Exploits 5

Debian
added 2021/01/24 3:29 p.m., 39 views

[SECURITY] [DSA 4837-1] salt security update

Debian Security Advisory DSA-4837-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2021 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 1.3, EPSS 0.94387
Exploits 5

Tenable Nessus
added 2020/11/12 12:00 a.m., 26 views

FreeBSD : salt -- multiple vulnerabilities (50259d8b-243e-11eb-8bae-b42e99975750)

SaltStack reports multiple security vulnerabilities in Salt 3002 : - CVE-2020-16846: Prevent shell injections in netapi ssh client. - CVE-2020-17490: Prevent creating world readable private keys with the tls execution module. - CVE-2020-25592: Properly validate eauth credentials and tokens along...

CVSS 9.8, AI score 7.4, EPSS 0.94387
Exploits 5, References 5

Veracode
added 2020/11/10 5:27 a.m., 26 views

Shell Injection

Salt is vulnerable to shell injection. An attacker can send malicious web requests to the Salt API to execute arbitrary shell commands when the SSH client is enabled...

CVSS 9.8, AI score 3.4, EPSS 0.94387
Exploits 5, References 17, Affected Software 1

RedhatCVE
added 2020/11/06 5:29 p.m., 42 views

CVE-2020-16846

A flaw was found in salt. A shell injection vulnerability was found where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt-API using the SSH client. An attacker could use this flaw to cause a denial of service, information disclosure, or...

CVSS 9.8, AI score 1.8, EPSS 0.94387
Exploits 5, References 8

OSV
added 2020/11/06 8:15 a.m., 21 views

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVSS 9.8, AI score 6.9, EPSS 0.94387
Exploits 5, References 15

OSV
added 2020/11/06 8:15 a.m., 27 views

PYSEC-2020-104

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVSS 9.8, AI score 1.7, EPSS 0.94387
Exploits 5, References 13

Vulnrichment
added 2020/11/06 7:27 a.m., 8 views

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

AI score 7, EPSS 0.94387
Exploits 5, References 14

Cvelist
added 2020/11/06 7:27 a.m., 18 views

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

AI score 9.5, EPSS 0.94387
Exploits 5, References 14

ATTACKERKB
added 2020/11/06 12:00 a.m., 128 views

CVE-2020-16846 — SaltStack Unauthenticated Shell Injection

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. Recent assessments: ccondon-r7 at October 14, 2021 2:31pm UTC reported: Being exploited in the wild as of April 2021. Juniper Networks...

CVSS 9.8, AI score 9.8, EPSS 0.94387
In wild, Exploits 28, References 17

Tenable Nessus
added 2020/11/06 12:00 a.m., 46 views

SaltStack < 3002 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - eauth is not sufficiently validated when calling Salt SSH via the salt-api. Any value for 'eauth' or 'token' will allow a user to bypass authentication a...

CVSS 9.8, AI score 8, EPSS 0.94387
Exploits 5, References 5