Salt Security Vulnerabilities and Issues — Salt CVE List

Lucene search

SaltstackSalt

20 matches found

CVE•added 2020/04/30 5:15 p.m.•1383 views

CVE-2020-11651

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the sal...

9.8CVSS9.6AI score0.94367EPSS

CVE•added 2020/11/06 8:15 a.m.•1126 views

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

9.8CVSS9.3AI score0.94387EPSS

CVE•added 2020/11/06 8:15 a.m.•319 views

CVE-2020-25592

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

9.8CVSS9.5AI score0.58159EPSS

CVE•added 2021/02/27 5:15 a.m.•301 views

CVE-2021-25282

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

9.1CVSS9.1AI score0.91159EPSS

CVE•added 2021/02/27 5:15 a.m.•291 views

CVE-2021-25283

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

9.8CVSS9.4AI score0.07444EPSS

CVE•added 2021/02/27 5:15 a.m.•283 views

CVE-2021-25281

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

9.8CVSS9.2AI score0.94014EPSS

CVE•added 2021/02/27 5:15 a.m.•260 views

CVE-2021-3197

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

9.8CVSS9.3AI score0.08453EPSS

CVE•added 2020/01/17 2:15 a.m.•257 views

CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

9.8CVSS9.8AI score0.13558EPSS

CVE•added 2021/02/27 5:15 a.m.•256 views

CVE-2021-3144

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

9.1CVSS9.3AI score0.06197EPSS

CVE•added 2021/02/27 5:15 a.m.•254 views

CVE-2021-3148

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.

9.8CVSS9.4AI score0.09364EPSS

CVE•added 2018/10/24 10:29 p.m.•216 views

CVE-2018-15751

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).

9.8CVSS9.8AI score0.00874EPSS

CVE•added 2021/03/03 10:15 a.m.•159 views

CVE-2021-25315

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to ...

9.8CVSS8.7AI score0.00164EPSS

CVE•added 2025/06/13 8:15 a.m.•102 views

CVE-2024-38824

Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.

9.6CVSS9.3AI score0.00112EPSS

CVE•added 2017/09/26 2:29 p.m.•82 views

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

9CVSS8.6AI score0.01262EPSS

CVE•added 2017/08/23 2:29 p.m.•72 views

CVE-2017-12791

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

9.8CVSS9AI score0.01383EPSS

CVE•added 2017/10/24 5:29 p.m.•63 views

CVE-2017-14695

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an i...

9.8CVSS9.1AI score0.01383EPSS

CVE•added 2023/02/17 6:15 p.m.•50 views

CVE-2021-33226

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input

9.8CVSS9.7AI score0.01704EPSS

CVE•added 2018/04/23 10:29 p.m.•48 views

CVE-2017-7893

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.

9.8CVSS9.3AI score0.00494EPSS

CVE•added 2017/02/07 5:59 p.m.•42 views

CVE-2016-9639

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.

9.1CVSS8.9AI score0.00325EPSS

CVE•added 2013/11/05 6:55 p.m.•36 views

CVE-2013-4436

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.

9.3CVSS6.9AI score0.00711EPSS