Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack salt vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-15751
SaltStack Salt prior to 2017.7.8 and 2018.3.x prior to 2018.3.3 allow remote malicious users to bypass authentication and execute arbitrary commands via salt-api(netapi).
Saltstack Salt
9.8
CVSSv3
CVE-2017-7893
In SaltStack Salt prior to 2016.3.6, compromised salt-minions can impersonate the salt-master.
Saltstack Salt
9.8
CVSSv3
CVE-2017-14695
Directory traversal vulnerability in minion id validation in SaltStack Salt prior to 2016.3.8, 2016.11.x prior to 2016.11.8, and 2017.7.x prior to 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerabili...
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11
Saltstack Salt
Saltstack Salt 2017.7.0
Saltstack Salt 2016.11.2
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.7
Saltstack Salt 2016.11.6
Saltstack Salt 2016.11.5
Saltstack Salt 2016.11.4
Saltstack Salt 2017.7.1
Saltstack Salt 2016.11.3
9.8
CVSSv3
CVE-2017-12791
Directory traversal vulnerability in minion id validation in SaltStack Salt prior to 2016.11.7 and 2017.7.x prior to 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Saltstack Salt 2017.7.0
Saltstack Salt
9.8
CVSSv3
CVE-2015-6941
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x prior to 2015.5.6, and 2015.8.x prior to 2015.8.1 leak password information in debug logs.
Saltstack Salt 2015 8.0
Saltstack Salt 2015 5.0
Saltstack Salt 2015 5.5
Saltstack Salt 2015 5.2
Saltstack Salt 2015 5.4
Saltstack Salt 2015 5.1
Saltstack Salt 2015 5.3
9.1
CVSSv3
CVE-2021-3144
In SaltStack Salt prior to 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.1
CVSSv3
CVE-2021-25282
An issue exists in through SaltStack Salt prior to 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
8.8
CVSSv3
CVE-2022-22967
An issue exists in SaltStack Salt in versions prior to 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts ...
Saltstack Salt
8.8
CVSSv3
CVE-2022-22934
An issue exists in SaltStack Salt in versions prior to 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
Saltstack Salt
8.8
CVSSv3
CVE-2022-22936
An issue exists in SaltStack Salt in versions prior to 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-play...
Saltstack Salt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »