52 matches found
CVE-2013-4435
Salt (SaltStack) CVE-2013-4435 affects versions 0.15.0–0.17.0 where remote authenticated users with external authentication or client ACLs can embed a routine inside another to execute restricted routines. The vulnerability stems from insufficient access control/argument handling in multiple modu...
CVE-2015-4017
CVE-2015-4017 describes a vulnerability in Salt prior to 2014.7.6 where certificate verification is not performed when Salt connects via the aliyun, proxmox, and splunk modules. According to the connected SUSE/OSV records, the issue centers on Salt’s failure to validate certificates, potentially ...