CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9 High (Confidence: Low)

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.975 High (Percentile: 100.0%)

It was discovered that Salt allows remote attackers to determine which files
exist on the server. An attacker could use that to extract sensitive
information. (CVE-2018-15750)

It was discovered that Salt has a vulnerability that allows a user to bypass
authentication. An attacker could use that to extract sensitive information,
execute arbitrary code or crash the server. (CVE-2018-15751)

It was discovered that Salt is vulnerable to command injection. This allows
an unauthenticated attacker with network access to the API endpoint to
execute arbitrary code on the salt-api host. (CVE-2019-17361)

It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possibly use this issue to access
some methods without authentication. (CVE-2020-11651, CVE-2020-11652)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 18.04 | noarch | salt-api | < 2017.7.4+dfsg1-1ubuntu18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | salt-cloud | < 2017.7.4+dfsg1-1ubuntu18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | salt-common | < 2017.7.4+dfsg1-1ubuntu18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | salt-doc | < 2017.7.4+dfsg1-1ubuntu18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | salt-master | < 2017.7.4+dfsg1-1ubuntu18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | salt-minion | < 2017.7.4+dfsg1-1ubuntu18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | salt-proxy | < 2017.7.4+dfsg1-1ubuntu18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | salt-ssh | < 2017.7.4+dfsg1-1ubuntu18.04.2 | UNKNOWN |
Ubuntu | 18.04 | noarch | salt-syndic | < 2017.7.4+dfsg1-1ubuntu18.04.2 | UNKNOWN |
Ubuntu | 16.04 | noarch | salt-api | < 2015.8.8+ds-1ubuntu0.1 | UNKNOWN |