Lucene search

6 matches found

CVE
added 2013/11/05 6:55 p.m. | 54 views

CVE-2013-4439

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.

4.9 CVSS | 6.2 AI score | 0.00193 EPSS

CVE
added 2013/11/05 6:55 p.m. | 41 views

CVE-2013-4438

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.

7.5 CVSS | 7.7 AI score | 0.0057 EPSS

CVE
added 2013/11/05 6:55 p.m. | 40 views

CVE-2013-4437

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."

10 CVSS | 6.4 AI score | 0.00675 EPSS

CVE
added 2013/11/05 6:55 p.m. | 40 views

CVE-2013-6617

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

10 CVSS | 6.9 AI score | 0.01705 EPSS

CVE
added 2013/11/05 6:55 p.m. | 36 views

CVE-2013-4435

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

6 CVSS | 6.7 AI score | 0.00324 EPSS

CVE
added 2013/11/05 6:55 p.m. | 36 views

CVE-2013-4436

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.

9.3 CVSS | 6.9 AI score | 0.00711 EPSS