Saltstack Salt

7 matches found

Type: CVE | Added: 2023/09/05 11:15 a.m. | Views: 365

CVE-2023-20897

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

CVSS: 5.3 | AI score: 6 | EPSS: 0.0011

Type: CVE | Added: 2021/02/27 5:15 a.m. | Views: 228

CVE-2020-28972

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

CVSS: 5.9 | AI score: 7.3 | EPSS: 0.00527

Type: CVE | Added: 2018/10/24 10:29 p.m. | Views: 210

CVE-2018-15750

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.0119

Type: CVE | Added: 2020/11/06 8:15 a.m. | Views: 179

CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.0004

Type: CVE | Added: 2017/04/13 2:59 p.m. | Views: 54

CVE-2015-1838

modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.00164

Type: CVE | Added: 2017/04/13 2:59 p.m. | Views: 45

CVE-2015-1839

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.00082

Type: CVE | Added: 2017/01/31 7:59 p.m. | Views: 42

CVE-2016-3176

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

CVSS: 5.6 | AI score: 5.6 | EPSS: 0.00167