Lucene search
K

24 matches found

CVE
CVE
added 2020/04/30 4:58 p.m.1499 views

CVE-2020-11651

SaltStack Salt (CVE-2020-11651) vulnerable in Salt before 2019.2.4 and 3000 before 3000.2: the salt-master ClearFuncs class does not properly validate method calls, enabling a remote, unauthenticated user to access certain methods, retrieve user tokens from the salt-master, and potentially run ar...

9.8CVSS9.6AI score0.96405EPSS
In wild
CVE
CVE
added 2020/04/30 5:0 p.m.1343 views

CVE-2020-11652

CVE-2020-11652 affects SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2, where the salt-master ClearFuncs class allows authenticated users to access methods that do not properly sanitize paths, enabling arbitrary directory access. This is a directory-traversal vulnerability in the salt-m...

6.5CVSS7.8AI score0.86063EPSS
In wild
CVE
CVE
added 2020/11/06 7:27 a.m.1192 views

CVE-2020-16846

CVE-2020-16846 affects SaltStack Salt via the Salt API SSH Client. The issue allows an unauthenticated, network-accessible user to execute arbitrary commands by injecting shell commands through crafted requests to the Salt API when the SSH client is enabled. The vulnerability is cited across mult...

9.8CVSS9.3AI score0.99585EPSS
In wildWeb
CVE
CVE
added 2022/06/22 12:0 a.m.847 views

CVE-2022-22967

CVE-2022-22967 affects SaltStack Salt prior to 3002.9, 3003.5, and 3004.2. The issue is that PAM authentication fails to reject locked accounts, allowing a previously authorized user with an active or API session to run Salt commands even when the account is locked (including salt-api via PAM eau...

8.8CVSS8.3AI score0.01878EPSS
CVE
CVE
added 2023/09/05 10:56 a.m.388 views

CVE-2023-20897

SaltStack CVE-2023-20897 affects Salt masters prior to 3005.2 or 3006.2, which suffer a DOS in minion return: after receiving several bad packets equal to the worker-thread count, the master becomes unresponsive to return requests until restart. Remediation: upgrade to at least 3005.2/3006.2 or n...

5.3CVSS6AI score0.01033EPSS
CVE
CVE
added 2023/09/05 10:59 a.m.372 views

CVE-2023-20898

CVE-2023-20898 affects SaltStack Salt masters prior to 3005.2 or 3006.2. The issue arises when Git Providers with different environments read from the same cache directory base name, allowing garbage or incorrect data to be read, which can lead to data disclosure, wrongful executions, data corrup...

7.8CVSS5.7AI score0.00286EPSS
CVE
CVE
added 2020/11/06 7:31 a.m.361 views

CVE-2020-25592

CVE-2020-25592 affects SaltStack Salt via salt-netapi, where eauth credentials/tokens are not properly validated, allowing an unauthenticated user to bypass authentication and invoke Salt SSH. Evidence in connected advisories confirms the issue and that multiple distributions issued fixes (e.g., ...

9.8CVSS9.5AI score0.57453EPSS
In wildWeb
CVE
CVE
added 2021/02/27 12:0 a.m.318 views

CVE-2021-25282

CVE-2021-25282 affects SaltStack Salt prior to 3002.5, where the salt.wheel.pillar_roots.write method is vulnerable to directory traversal in the Salt API wheelClient. This can allow writing to subdirectories via pillar_roots.write. Debian and Fedora advisories indicate patches and upgrades to Sa...

9.1CVSS9.1AI score0.92312EPSS
CVE
CVE
added 2021/02/27 12:0 a.m.310 views

CVE-2021-25281

The CVE-2021-25281 issue affects SaltStack Salt prior to 3002.5, where salt-api does not honor eauth credentials for the wheel_async client. This auth bypass enables a remote attacker to run wheel modules on the master, potentially granting remote command execution and broader access. Public sour...

9.8CVSS9.2AI score0.72945EPSS
In wild
CVE
CVE
added 2021/02/27 12:0 a.m.308 views

CVE-2021-25283

CVE-2021-25283 concerns SaltStack Salt prior to 3002.5, where the jinja renderer fails to protect against server-side template injection attacks. The issue is documented across multiple sources: the initial description notes SSR risk; GitHub advisories and Gentoo/Fedora/Debian records reference t...

9.8CVSS9.4AI score0.10426EPSS
CVE
CVE
added 2021/02/27 12:0 a.m.284 views

CVE-2021-25284

CVE-2021-25284 affects SaltStack Salt prior to 3002.5, where salt.modules.cmdmod can log credentials to info or error logs. Exploitation details are not provided in the sources, but multiple advisories confirm credential leakage via logging within cmdmod. Remediation across sources centers on upg...

4.4CVSS6.5AI score0.00539EPSS
CVE
CVE
added 2021/02/27 12:0 a.m.283 views

CVE-2021-3197

SaltStack Salt before 3002.5 is vulnerable in the salt-api ssh client to a shell injection via ProxyCommand or via ssh_options provided in API requests. Affected component: salt-api SSH handling; root cause: improper handling of ProxyCommand/ssh_options inputs leading to command injection. Impact...

9.8CVSS9.3AI score0.72327EPSS
CVE
CVE
added 2021/02/27 12:0 a.m.276 views

CVE-2021-3148

CVE-2021-3148 affects SaltStack Salt prior to 3002.5. Sending crafted web requests to the Salt API can trigger a command injection via salt.utils.thin.gen_thin() due to divergent handling of single vs. double quotes in salt/utils/thin.py. The vulnerability is documented across multiple advisories...

9.8CVSS9.4AI score0.08246EPSS
CVE
CVE
added 2021/02/27 12:0 a.m.272 views

CVE-2021-3144

CVE-2021-3144 affects SaltStack Salt prior to 3002.5. The vulnerability allows eauth tokens to be used once after expiration, potentially enabling an attacker to execute commands against the salt-master or minions. In exposed advisories, the impact is remote command execution with high severity, ...

9.1CVSS9.3AI score0.05196EPSS
CVE
CVE
added 2021/02/27 12:0 a.m.266 views

CVE-2020-28243

CVE-2020-28243 affects SaltStack Salt before 3002.5. The minion’s path restartcheck is vulnerable to command injection via a crafted process name, enabling local privilege escalation for any user who can create files on the minion in a non-blacklisted directory. The issue is documented across mul...

7.8CVSS8.5AI score0.04302EPSS
CVE
CVE
added 2021/02/27 12:0 a.m.260 views

CVE-2020-35662

SaltStack Salt before 3002.5 does not consistently validate SSL certificates during authentication with certain modules. Affected: Salt (SaltStack Salt) core; root cause: SSL certificate validation is bypassed/not consistently enforced. Impact: potential exposure of credentials or sensitive data ...

7.4CVSS8.2AI score0.02954EPSS
CVE
CVE
added 2021/02/27 12:0 a.m.246 views

CVE-2020-28972

SaltStack Salt CVE-2020-28972 : A vulnerability in Salt before 3002.5 allows authentication to VMware vcenter, vSphere, and ESXi servers via the vmware.py code paths without always validating SSL/TLS certificates. The issue stems from improper certificate validation in the SSL/TLS verification fl...

5.9CVSS7.3AI score0.0309EPSS
CVE
CVE
added 2021/09/08 12:0 a.m.246 views

CVE-2021-21996

CVE-2021-21996 affects SaltStack Salt prior to 3003.3. A user who controls the source and source_hash URLs can gain full filesystem access as root on a Salt minion. The connected Nessus/Gentoo GLSA entries corroborate the vulnerability in Salt and point to a remediation path: upgrade Salt to a ne...

7.5CVSS7.5AI score0.03514EPSS
CVE
CVE
added 2018/10/24 10:0 p.m.235 views

CVE-2018-15751

CVE-2018-15751 affects SaltStack Salt: pre-2017.7.8 and pre-2018.3.3 for the 2018.3.x line allow remote attackers to bypass authentication via salt-api (netapi) and execute arbitrary commands. Public advisories from multiple vendors (Ubuntu USN-4459-1, OpenSUSE/SUSE updates) describe the issue an...

9.8CVSS9.8AI score0.05199EPSS
CVE
CVE
added 2018/10/24 10:0 p.m.227 views

CVE-2018-15750

CVE-2018-15750 is a directory-traversal vulnerability in SaltStack’s salt-api. It affects SaltStack Salt with SaltAPI handling of netapi requests, allowing remote attackers to determine which files exist on the server. The vulnerability is present in Salt before 2017.7.8 for the 2017.7.x line and...

5.3CVSS6.9AI score0.0424EPSS
CVE
CVE
added 2020/11/06 7:29 a.m.197 views

CVE-2020-17490

CVE-2020-17490 affects SaltStack Salt (TLS module) up to version 3002, where the TLS execution module creates certificates with weak file permissions. The root cause is improper permissions on certificate files, potentially exposing private keys and enabling unintended access to sensitive materia...

5.5CVSS7.1AI score0.00408EPSS
CVE
CVE
added 2021/03/03 9:55 a.m.181 views

CVE-2021-25315

CVE-2021-25315 — Summary : The vulnerability is an Incorrect Implementation of Authentication Algorithm in Salt for SUSE Linux Enterprise Server 15 SP3 and openSUSE Tumbleweed. It could allow local attackers to execute arbitrary code via salt without valid credentials. The issue affects salt vers...

9.8CVSS8.7AI score0.02333EPSS
CVE
CVE
added 2021/09/08 3:0 p.m.143 views

CVE-2021-22004

Affected product: SaltStack Salt (before 3003.3). Vulnerability: the salt minion installer will accept a pre-existing minion config file at C:\salt\conf, enabling a malicious actor to subvert minion behavior (CVE-2021-22004). Related issues in the same Fedora/Nessus/OpenVAS records also reference...

6.4CVSS6.2AI score0.00346EPSS
CVE
CVE
added 2018/04/23 10:0 p.m.59 views

CVE-2017-7893

Affected product: SaltStack Salt up to version 2016.3.6. Issue: compromised salt-minions can impersonate the salt-master, enabling impersonation of the master and potential leakage or manipulation of configurations. Impact: per NVD metrics, base CVSSv3 of 9.8 (CRITICAL) with network attack, low c...

9.8CVSS9.3AI score0.014EPSS