Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack salt vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-6941
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x prior to 2015.5.6, and 2015.8.x prior to 2015.8.1 leak password information in debug logs.
Saltstack Salt 2015 8.0
Saltstack Salt 2015 5.0
Saltstack Salt 2015 5.5
Saltstack Salt 2015 5.2
Saltstack Salt 2015 5.4
Saltstack Salt 2015 5.1
Saltstack Salt 2015 5.3
8.1
CVSSv3
CVE-2016-1866
Salt 2015.8.x prior to 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle malicious users to execute arbitrary code by inserting packets into the minion-master data stream.
Saltstack Salt 2015.8.3
Saltstack Salt 2015.8.1
Saltstack Salt 2015.8.2
Saltstack Salt 2015.8.0
Opensuse Leap 42.1
9.8
CVSSv3
CVE-2017-12791
Directory traversal vulnerability in minion id validation in SaltStack Salt prior to 2016.11.7 and 2017.7.x prior to 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Saltstack Salt 2017.7.0
Saltstack Salt
9.8
CVSSv3
CVE-2019-1010259
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: sp...
Saltstack Salt 2018 3.0
Saltstack Salt 2019 2.0
5.5
CVSSv3
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Article
9.8
CVSSv3
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
1 Article
9.8
CVSSv3
CVE-2020-16846
An issue exists in SaltStack Salt up to and including 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
1 Article
5.3
CVSSv3
CVE-2018-15750
Directory Traversal vulnerability in salt-api in SaltStack Salt prior to 2017.7.8 and 2018.3.x prior to 2018.3.3 allows remote malicious users to determine which files exist on the server.
Saltstack Salt
9.8
CVSSv3
CVE-2018-15751
SaltStack Salt prior to 2017.7.8 and 2018.3.x prior to 2018.3.3 allow remote malicious users to bypass authentication and execute arbitrary commands via salt-api(netapi).
Saltstack Salt
NA
CVE-2014-3563
Multiple unspecified vulnerabilities in Salt (aka SaltStack) prior to 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
Saltstack Salt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »