Salt Security Vulnerabilities and Issues — Salt CVE List

Lucene search

SaltstackSalt

6 matches found

CVE•added 2020/04/30 5:15 p.m.•1380 views

CVE-2020-11651

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the sal...

9.8CVSS9.6AI score0.94367EPSS

CVE•added 2020/04/30 5:15 p.m.•1289 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

6.5CVSS7.8AI score0.93939EPSS

CVE•added 2020/11/06 8:15 a.m.•1123 views

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

9.8CVSS9.3AI score0.94387EPSS

CVE•added 2020/11/06 8:15 a.m.•316 views

CVE-2020-25592

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

9.8CVSS9.5AI score0.58159EPSS

CVE•added 2020/01/17 2:15 a.m.•257 views

CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

9.8CVSS9.8AI score0.13558EPSS

CVE•added 2020/11/06 8:15 a.m.•179 views

CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

5.5CVSS7.1AI score0.0004EPSS