52 matches found
CVE-2020-11651
SaltStack Salt (CVE-2020-11651) vulnerable in Salt before 2019.2.4 and 3000 before 3000.2: the salt-master ClearFuncs class does not properly validate method calls, enabling a remote, unauthenticated user to access certain methods, retrieve user tokens from the salt-master, and potentially run ar...
CVE-2020-11652
CVE-2020-11652 affects SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2, where the salt-master ClearFuncs class allows authenticated users to access methods that do not properly sanitize paths, enabling arbitrary directory access. This is a directory-traversal vulnerability in the salt-m...
CVE-2020-16846
CVE-2020-16846 affects SaltStack Salt via the Salt API SSH Client. The issue allows an unauthenticated, network-accessible user to execute arbitrary commands by injecting shell commands through crafted requests to the Salt API when the SSH client is enabled. The vulnerability is cited across mult...
CVE-2022-22967
CVE-2022-22967 affects SaltStack Salt prior to 3002.9, 3003.5, and 3004.2. The issue is that PAM authentication fails to reject locked accounts, allowing a previously authorized user with an active or API session to run Salt commands even when the account is locked (including salt-api via PAM eau...
CVE-2023-20897
SaltStack CVE-2023-20897 affects Salt masters prior to 3005.2 or 3006.2, which suffer a DOS in minion return: after receiving several bad packets equal to the worker-thread count, the master becomes unresponsive to return requests until restart. Remediation: upgrade to at least 3005.2/3006.2 or n...
CVE-2023-20898
CVE-2023-20898 affects SaltStack Salt masters prior to 3005.2 or 3006.2. The issue arises when Git Providers with different environments read from the same cache directory base name, allowing garbage or incorrect data to be read, which can lead to data disclosure, wrongful executions, data corrup...
CVE-2020-25592
CVE-2020-25592 affects SaltStack Salt via salt-netapi, where eauth credentials/tokens are not properly validated, allowing an unauthenticated user to bypass authentication and invoke Salt SSH. Evidence in connected advisories confirms the issue and that multiple distributions issued fixes (e.g., ...
CVE-2021-25282
CVE-2021-25282 affects SaltStack Salt prior to 3002.5, where the salt.wheel.pillar_roots.write method is vulnerable to directory traversal in the Salt API wheelClient. This can allow writing to subdirectories via pillar_roots.write. Debian and Fedora advisories indicate patches and upgrades to Sa...
CVE-2021-25281
The CVE-2021-25281 issue affects SaltStack Salt prior to 3002.5, where salt-api does not honor eauth credentials for the wheel_async client. This auth bypass enables a remote attacker to run wheel modules on the master, potentially granting remote command execution and broader access. Public sour...
CVE-2021-25283
CVE-2021-25283 concerns SaltStack Salt prior to 3002.5, where the jinja renderer fails to protect against server-side template injection attacks. The issue is documented across multiple sources: the initial description notes SSR risk; GitHub advisories and Gentoo/Fedora/Debian records reference t...
CVE-2021-31607
CVE-2021-31607 affects SaltStack Salt 2016.9 through 3002.6, via a command injection in the snapper module that enables local privilege escalation on a minion. The attack requires creation of a file with a path backed up by snapper, followed by the master invoking snapper.diff, which executes pop...
CVE-2019-17361
CVE-2019-17361 affects Salt before 2019.2.3, where the salt-api NET API with the ssh client enabled is vulnerable to remote command execution. The vulnerability allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. Affected advi...
CVE-2021-25284
CVE-2021-25284 affects SaltStack Salt prior to 3002.5, where salt.modules.cmdmod can log credentials to info or error logs. Exploitation details are not provided in the sources, but multiple advisories confirm credential leakage via logging within cmdmod. Remediation across sources centers on upg...
CVE-2021-3197
SaltStack Salt before 3002.5 is vulnerable in the salt-api ssh client to a shell injection via ProxyCommand or via ssh_options provided in API requests. Affected component: salt-api SSH handling; root cause: improper handling of ProxyCommand/ssh_options inputs leading to command injection. Impact...
CVE-2021-3148
CVE-2021-3148 affects SaltStack Salt prior to 3002.5. Sending crafted web requests to the Salt API can trigger a command injection via salt.utils.thin.gen_thin() due to divergent handling of single vs. double quotes in salt/utils/thin.py. The vulnerability is documented across multiple advisories...
CVE-2021-3144
CVE-2021-3144 affects SaltStack Salt prior to 3002.5. The vulnerability allows eauth tokens to be used once after expiration, potentially enabling an attacker to execute commands against the salt-master or minions. In exposed advisories, the impact is remote command execution with high severity, ...
CVE-2020-28243
CVE-2020-28243 affects SaltStack Salt before 3002.5. The minion’s path restartcheck is vulnerable to command injection via a crafted process name, enabling local privilege escalation for any user who can create files on the minion in a non-blacklisted directory. The issue is documented across mul...
CVE-2020-35662
SaltStack Salt before 3002.5 does not consistently validate SSL certificates during authentication with certain modules. Affected: Salt (SaltStack Salt) core; root cause: SSL certificate validation is bypassed/not consistently enforced. Impact: potential exposure of credentials or sensitive data ...
CVE-2021-21996
CVE-2021-21996 affects SaltStack Salt prior to 3003.3. A user who controls the source and source_hash URLs can gain full filesystem access as root on a Salt minion. The connected Nessus/Gentoo GLSA entries corroborate the vulnerability in Salt and point to a remediation path: upgrade Salt to a ne...
CVE-2020-28972
SaltStack Salt CVE-2020-28972 : A vulnerability in Salt before 3002.5 allows authentication to VMware vcenter, vSphere, and ESXi servers via the vmware.py code paths without always validating SSL/TLS certificates. The issue stems from improper certificate validation in the SSL/TLS verification fl...
CVE-2018-15751
CVE-2018-15751 affects SaltStack Salt: pre-2017.7.8 and pre-2018.3.3 for the 2018.3.x line allow remote attackers to bypass authentication via salt-api (netapi) and execute arbitrary commands. Public advisories from multiple vendors (Ubuntu USN-4459-1, OpenSUSE/SUSE updates) describe the issue an...
CVE-2018-15750
CVE-2018-15750 is a directory-traversal vulnerability in SaltStack’s salt-api. It affects SaltStack Salt with SaltAPI handling of netapi requests, allowing remote attackers to determine which files exist on the server. The vulnerability is present in Salt before 2017.7.8 for the 2017.7.x line and...
CVE-2020-17490
CVE-2020-17490 affects SaltStack Salt (TLS module) up to version 3002, where the TLS execution module creates certificates with weak file permissions. The root cause is improper permissions on certificate files, potentially exposing private keys and enabling unintended access to sensitive materia...
CVE-2022-22934
The CVE-2022-22934 issue affects SaltStack Salt versions before 3002.8, 3003.4, or 3004.1, where Salt Masters do not sign pillar data with the minion’s public key, enabling an attacker to substitute arbitrary pillar data. Connected advisories corroborate multiple vulnerability entries for Salt in...
CVE-2021-25315
CVE-2021-25315 — Summary : The vulnerability is an Incorrect Implementation of Authentication Algorithm in Salt for SUSE Linux Enterprise Server 15 SP3 and openSUSE Tumbleweed. It could allow local attackers to execute arbitrary code via salt without valid credentials. The issue affects salt vers...
CVE-2022-22936
CVE-2022-22936 affects SaltStack Salt before versions 3002.8, 3003.4, and 3004.1. The issue allows replay attacks on job publishes and on file server replies, enabling an attacker to replay old jobs to minions. In certain scenarios, a craftier attacker could gain root access on a minion. Public s...
CVE-2022-22941
CVE-2022-22941 affects SaltStack Salt prior to 3002.8, 3003.4, and 3004.1 when configured as a Master‑of‑Masters with a publisher_acl. A Syndic‑connected minion set can be targeted by a user in publisher_acl, and the Master can incorrectly treat no valid targets as valid, allowing that user to pu...
CVE-2024-38824
CVE-2024-38824 is a directory traversal vulnerability in the recv_file method that allows writing arbitrary files into the Salt master cache directory. Public references in multiple advisories (SUSE openSUSE/SUSE-SU-2025-02501/-02492/-02476, SUSE-2025-02492, -02500, -02502) confirm the flaw affec...
CVE-2021-22004
Affected product: SaltStack Salt (before 3003.3). Vulnerability: the salt minion installer will accept a pre-existing minion config file at C:\salt\conf, enabling a malicious actor to subvert minion behavior (CVE-2021-22004). Related issues in the same Fedora/Nessus/OpenVAS records also reference...
CVE-2022-22935
The connected Nessus document for CVE-2022-22935 confirms a concrete vulnerability in SaltStack Salt prior to 3002.8, 3003.4, and 3004.1: a minion authentication denial-of-service that allows a MiTM attacker to impersonate the master and stop a minion process. No patch or remediation details are ...
CVE-2017-5200
CVE-2017-5200 affects SaltStack Salt’s Salt-api via ssh_client, enabling arbitrary command execution on the salt-master. Affected versions include Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2. Mitigation: apply the fixed releases (e.g., Salt 2015.8.13, 2016.3.5,...
CVE-2017-12791
CVE-2017-12791 is a SaltStack directory traversal vulnerability in minion ID validation. The issue affects Salt before 2016.11.7 and 2017.7.x before 2017.7.1, allowing remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. The vulnerability stems from insuf...
CVE-2017-5192
CVE-2017-5192 affects SaltStack Salt where the local_batch client from salt-api does not respect external_auth in certain old branches (Salt before 2015.8.13; 2016.3.x before 2016.3.5; 2016.11.x before 2016.11.2). This enables authentication bypass of remote callers using the local_batch interfac...
CVE-2014-3563
CVE-2014-3563 affects Salt (SaltStack) before 2014.1.10. The issue relates to insecure temporary file creation in components (seed.py, salt-ssh, salt-cloud), allowing local attackers to write to arbitrary files and potentially achieve DoS or arbitrary code execution. The available connected docum...
CVE-2017-14696
CVE-2017-14696 is a SaltStack denial-of-service vulnerability triggered by a crafted authentication request. Affected are Salt versions: 2016.3.x before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2. Public advisories (e.g., SUSE-SU-2017:3381-1) confirm the DoS impact and not...
CVE-2017-8109
The CVE-2017-8109 entry concerns SaltStack Salt 2016.11 before 2016.11.4, where the salt-ssh minion copied configuration from the Salt Master without adjusting permissions, potentially leaking credentials to local attackers on configured minions. Public writeups in the connected docs confirm the ...
CVE-2017-14695
CVE-2017-14695 is a SaltStack Salt directory traversal vulnerability in minion_id validation. It affects Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2, enabling remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. This iss...
CVE-2015-1838
The CVE-2015-1838 entry concerns SaltStack, specifically modules/serverdensity_device.py, with the flaw existing in SaltStack prior to version 2014.7.4 due to improper handling of files in /tmp. The vulnerability is documented in multiple feeds, including NVD (CVE-2015-1838) indicating a local, l...
CVE-2013-4439
Salt (SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. Affected versions: up to 0.17.0. Impact: impersonation by an authenticated minion. Remediation: upgrade to 0.17.1 or later (e.g., Fedora adviso...
CVE-2016-1866
Salt 2015.8.x before 2015.8.4 is vulnerable due to improper handling of clear messages on the minion, enabling a man-in-the-middle to insert packets into the minion-master data stream and execute arbitrary code. A patch is available in Salt 2015.8.4 (and later) to fix this. The CVSS context from ...
CVE-2021-33226
SaltStack Salt vulnerability CVE-2021-33226 affects v.3003 and earlier. The issue is a Buffer Overflow in salt/salt/modules/status.py (func variable) that could allow arbitrary code execution. Multiple connected sources (Red Hat, SUSE, OSV, NVD, etc.) describe the same flaw and note that the clai...
CVE-2017-7893
Affected product: SaltStack Salt up to version 2016.3.6. Issue: compromised salt-minions can impersonate the salt-master, enabling impersonation of the master and potential leakage or manipulation of configurations. Impact: per NVD metrics, base CVSSv3 of 9.8 (CRITICAL) with network attack, low c...
CVE-2016-3176
CVE-2016-3176 affects Salt with PAM external authentication enabled. Vulnerable: Salt releases prior to 2015.5.10 and 2015.8.x before 2015.8.8. Issue: attackers can bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. Impact is limited t...
CVE-2015-1839
CVE-2015-1839 affects SaltStack (Salt) due to insecure handling of files in /tmp in the module salt/modules/chef.py, specifically in versions before 2014.7.4. The vulnerability stems from improper /tmp handling, allowing an attacker to alter a specified file (per CNVD entry) and is documented acr...
CVE-2016-9639
CVE-2016-9639 affects Salt before 2015.8.11. The issue arises from caching behavior that allows deleted minions to read or write to other minions sharing the same id. Affected component: Salt minion management; root cause: improper handling of cached keys/minion identity. Impact per the provided ...
CVE-2015-8034
CVE-2015-8034 affects Salt before version 2015.8.3, where the state.sls function stores cache data with weak permissions, allowing local attackers to read sensitive information. Connected sources confirm the underlying issue and note remediation via upgrading to Salt 2015.8.3 or later. If upgradi...
CVE-2013-4437
Technical details for CVE-2013-4437 are not publicly provided in the supplied documents. Monitor for updates and new disclosures.
CVE-2013-6617
CVE-2013-6617 affects Salt master (SaltStack) versions 0.11.0–0.17.0, where the process does not properly drop group privileges, enabling privilege escalation by remote attackers. The issue is documented across multiple feeds (NVD entry for CVE-2013-6617 and related advisories). Impact stated: at...
CVE-2013-4436
CVE-2013-4436 concerns SaltStack’s salt-ssh default configuration (Salt 0.17.0) that does not validate the SSH host key, enabling MITM-style impact. Multiple connected sources (GHSA-F22J-37JJ-CXW9, OSV, NVD variant) corroborate the MITM risk but do not provide exploit details. A remediation menti...
CVE-2013-4438
SaltStack (Salt) before 0.17.1 is vulnerable to remote code execution via YAML loading with unspecified vectors. The issue is evidenced by multiple feeds: CVE-2013-4438 states that an attacker can execute arbitrary YAML code, with the vendor noting the YAML may already be safe. Public references ...