Salt@3001 Security Vulnerabilities and Issues — Salt@3001 CVE List

Lucene search

SaltstackSalt3001

3 matches found

CVE•added 2020/11/06 8:15 a.m.•1124 views

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

9.8CVSS9.3AI score0.94387EPSS

CVE•added 2020/11/06 8:15 a.m.•317 views

CVE-2020-25592

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

9.8CVSS9.5AI score0.58159EPSS

CVE•added 2020/11/06 8:15 a.m.•179 views

CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

5.5CVSS7.1AI score0.0004EPSS