Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack salt 2016.11.2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-11651
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user toke...
Saltstack Salt
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Vmware Application Remote Collector 8.0.0
Vmware Application Remote Collector 7.5.0
17 Github repositories
4 Articles
6.5
CVSSv3
CVE-2020-11652
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Saltstack Salt
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Blackberry Workspaces Server 9.1.0
Blackberry Workspaces Server
Vmware Application Remote Collector 8.0.0
Vmware Application Remote Collector 7.5.0
12 Github repositories
4 Articles
9.8
CVSSv3
CVE-2019-17361
In SaltStack Salt up to and including 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
7.5
CVSSv3
CVE-2017-14696
SaltStack Salt prior to 2016.3.8, 2016.11.x prior to 2016.11.8, and 2017.7.x prior to 2017.7.2 allows remote malicious users to cause a denial of service via a crafted authentication request.
Saltstack Salt
Saltstack Salt 2016.11
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.2
Saltstack Salt 2017.7.0
Saltstack Salt 2016.11.4
Saltstack Salt 2016.11.5
Saltstack Salt 2016.11.6
Saltstack Salt 2016.11.7
Saltstack Salt 2016.11.3
Saltstack Salt 2017.7.1
9.8
CVSSv3
CVE-2017-14695
Directory traversal vulnerability in minion id validation in SaltStack Salt prior to 2016.3.8, 2016.11.x prior to 2016.11.8, and 2017.7.x prior to 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerabili...
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11
Saltstack Salt
Saltstack Salt 2017.7.0
Saltstack Salt 2016.11.2
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.7
Saltstack Salt 2016.11.6
Saltstack Salt 2016.11.5
Saltstack Salt 2016.11.4
Saltstack Salt 2017.7.1
Saltstack Salt 2016.11.3
8.8
CVSSv3
CVE-2017-5192
When using the local_batch client from salt-api in SaltStack Salt prior to 2015.8.13, 2016.3.x prior to 2016.3.5, and 2016.11.x prior to 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
Saltstack Salt 2016.3.3
Saltstack Salt
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.2
Saltstack Salt 2016.3.0
Saltstack Salt 2016.3.1
Saltstack Salt 2016.3.2
Saltstack Salt 2016.3.4
8.8
CVSSv3
CVE-2017-5200
Salt-api in SaltStack Salt prior to 2015.8.13, 2016.3.x prior to 2016.3.5, and 2016.11.x prior to 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
Saltstack Salt 2016.11.0
Saltstack Salt 2016.3.4
Saltstack Salt 2016.11.2
Saltstack Salt 2016.3.0
Saltstack Salt 2016.3.1
Saltstack Salt 2016.3.2
Saltstack Salt 2016.11.1
Saltstack Salt 2016.3.3
Saltstack Salt
7.8
CVSSv3
CVE-2017-8109
The salt-ssh minion code in SaltStack Salt 2016.11 prior to 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Saltstack Salt 2016.11.2
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started