24 matches found
CVE-2020-11651
SaltStack Salt (CVE-2020-11651) vulnerable in Salt before 2019.2.4 and 3000 before 3000.2: the salt-master ClearFuncs class does not properly validate method calls, enabling a remote, unauthenticated user to access certain methods, retrieve user tokens from the salt-master, and potentially run ar...
CVE-2020-11652
CVE-2020-11652 affects SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2, where the salt-master ClearFuncs class allows authenticated users to access methods that do not properly sanitize paths, enabling arbitrary directory access. This is a directory-traversal vulnerability in the salt-m...
CVE-2020-16846
CVE-2020-16846 affects SaltStack Salt via the Salt API SSH Client. The issue allows an unauthenticated, network-accessible user to execute arbitrary commands by injecting shell commands through crafted requests to the Salt API when the SSH client is enabled. The vulnerability is cited across mult...
CVE-2022-22967
CVE-2022-22967 affects SaltStack Salt prior to 3002.9, 3003.5, and 3004.2. The issue is that PAM authentication fails to reject locked accounts, allowing a previously authorized user with an active or API session to run Salt commands even when the account is locked (including salt-api via PAM eau...
CVE-2023-20897
SaltStack CVE-2023-20897 affects Salt masters prior to 3005.2 or 3006.2, which suffer a DOS in minion return: after receiving several bad packets equal to the worker-thread count, the master becomes unresponsive to return requests until restart. Remediation: upgrade to at least 3005.2/3006.2 or n...
CVE-2023-20898
CVE-2023-20898 affects SaltStack Salt masters prior to 3005.2 or 3006.2. The issue arises when Git Providers with different environments read from the same cache directory base name, allowing garbage or incorrect data to be read, which can lead to data disclosure, wrongful executions, data corrup...
CVE-2020-25592
CVE-2020-25592 affects SaltStack Salt via salt-netapi, where eauth credentials/tokens are not properly validated, allowing an unauthenticated user to bypass authentication and invoke Salt SSH. Evidence in connected advisories confirms the issue and that multiple distributions issued fixes (e.g., ...
CVE-2021-25282
CVE-2021-25282 affects SaltStack Salt prior to 3002.5, where the salt.wheel.pillar_roots.write method is vulnerable to directory traversal in the Salt API wheelClient. This can allow writing to subdirectories via pillar_roots.write. Debian and Fedora advisories indicate patches and upgrades to Sa...
CVE-2021-25281
The CVE-2021-25281 issue affects SaltStack Salt prior to 3002.5, where salt-api does not honor eauth credentials for the wheel_async client. This auth bypass enables a remote attacker to run wheel modules on the master, potentially granting remote command execution and broader access. Public sour...
CVE-2021-25283
CVE-2021-25283 concerns SaltStack Salt prior to 3002.5, where the jinja renderer fails to protect against server-side template injection attacks. The issue is documented across multiple sources: the initial description notes SSR risk; GitHub advisories and Gentoo/Fedora/Debian records reference t...
CVE-2021-25284
CVE-2021-25284 affects SaltStack Salt prior to 3002.5, where salt.modules.cmdmod can log credentials to info or error logs. Exploitation details are not provided in the sources, but multiple advisories confirm credential leakage via logging within cmdmod. Remediation across sources centers on upg...
CVE-2021-3197
SaltStack Salt before 3002.5 is vulnerable in the salt-api ssh client to a shell injection via ProxyCommand or via ssh_options provided in API requests. Affected component: salt-api SSH handling; root cause: improper handling of ProxyCommand/ssh_options inputs leading to command injection. Impact...
CVE-2021-3148
CVE-2021-3148 affects SaltStack Salt prior to 3002.5. Sending crafted web requests to the Salt API can trigger a command injection via salt.utils.thin.gen_thin() due to divergent handling of single vs. double quotes in salt/utils/thin.py. The vulnerability is documented across multiple advisories...
CVE-2021-3144
CVE-2021-3144 affects SaltStack Salt prior to 3002.5. The vulnerability allows eauth tokens to be used once after expiration, potentially enabling an attacker to execute commands against the salt-master or minions. In exposed advisories, the impact is remote command execution with high severity, ...
CVE-2020-28243
CVE-2020-28243 affects SaltStack Salt before 3002.5. The minion’s path restartcheck is vulnerable to command injection via a crafted process name, enabling local privilege escalation for any user who can create files on the minion in a non-blacklisted directory. The issue is documented across mul...
CVE-2020-35662
SaltStack Salt before 3002.5 does not consistently validate SSL certificates during authentication with certain modules. Affected: Salt (SaltStack Salt) core; root cause: SSL certificate validation is bypassed/not consistently enforced. Impact: potential exposure of credentials or sensitive data ...
CVE-2020-28972
SaltStack Salt CVE-2020-28972 : A vulnerability in Salt before 3002.5 allows authentication to VMware vcenter, vSphere, and ESXi servers via the vmware.py code paths without always validating SSL/TLS certificates. The issue stems from improper certificate validation in the SSL/TLS verification fl...
CVE-2021-21996
CVE-2021-21996 affects SaltStack Salt prior to 3003.3. A user who controls the source and source_hash URLs can gain full filesystem access as root on a Salt minion. The connected Nessus/Gentoo GLSA entries corroborate the vulnerability in Salt and point to a remediation path: upgrade Salt to a ne...
CVE-2018-15751
CVE-2018-15751 affects SaltStack Salt: pre-2017.7.8 and pre-2018.3.3 for the 2018.3.x line allow remote attackers to bypass authentication via salt-api (netapi) and execute arbitrary commands. Public advisories from multiple vendors (Ubuntu USN-4459-1, OpenSUSE/SUSE updates) describe the issue an...
CVE-2018-15750
CVE-2018-15750 is a directory-traversal vulnerability in SaltStack’s salt-api. It affects SaltStack Salt with SaltAPI handling of netapi requests, allowing remote attackers to determine which files exist on the server. The vulnerability is present in Salt before 2017.7.8 for the 2017.7.x line and...
CVE-2020-17490
CVE-2020-17490 affects SaltStack Salt (TLS module) up to version 3002, where the TLS execution module creates certificates with weak file permissions. The root cause is improper permissions on certificate files, potentially exposing private keys and enabling unintended access to sensitive materia...
CVE-2021-25315
CVE-2021-25315 — Summary : The vulnerability is an Incorrect Implementation of Authentication Algorithm in Salt for SUSE Linux Enterprise Server 15 SP3 and openSUSE Tumbleweed. It could allow local attackers to execute arbitrary code via salt without valid credentials. The issue affects salt vers...
CVE-2021-22004
Affected product: SaltStack Salt (before 3003.3). Vulnerability: the salt minion installer will accept a pre-existing minion config file at C:\salt\conf, enabling a malicious actor to subvert minion behavior (CVE-2021-22004). Related issues in the same Fedora/Nessus/OpenVAS records also reference...
CVE-2017-7893
Affected product: SaltStack Salt up to version 2016.3.6. Issue: compromised salt-minions can impersonate the salt-master, enabling impersonation of the master and potential leakage or manipulation of configurations. Impact: per NVD metrics, base CVSSv3 of 9.8 (CRITICAL) with network attack, low c...