Salt@2019.2.0 Security Vulnerabilities and Issues — Salt@2019.2.0 CVE List

Lucene search

SaltstackSalt2019.2.0

4 matches found

CVE•added 2020/11/06 8:15 a.m.•1154 views

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

9.8CVSS9.3AI score0.94429EPSS

In wildWeb

CVE•added 2020/11/06 8:15 a.m.•346 views

CVE-2020-25592

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

9.8CVSS9.5AI score0.44032EPSS

In wild

CVE•added 2020/01/17 2:15 a.m.•259 views

CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

9.8CVSS9.8AI score0.1468EPSS

CVE•added 2020/11/06 8:15 a.m.•182 views

CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

5.5CVSS7.1AI score0.00049EPSS