Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2015-6941
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x prior to 2015.5.6, and 2015.8.x prior to 2015.8.1 leak password information in debug logs.
Saltstack Salt 2015 8.0
Saltstack Salt 2015 5.0
Saltstack Salt 2015 5.5
Saltstack Salt 2015 5.2
Saltstack Salt 2015 5.4
Saltstack Salt 2015 5.1
Saltstack Salt 2015 5.3
383
VMScore
CVE-2013-2228
SaltStack RSA Key Generation allows remote users to decrypt communications
Saltstack Saltstack
605
VMScore
CVE-2016-1866
Salt 2015.8.x prior to 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle malicious users to execute arbitrary code by inserting packets into the minion-master data stream.
Saltstack Salt 2015.8.3
Saltstack Salt 2015.8.1
Saltstack Salt 2015.8.2
Saltstack Salt 2015.8.0
Opensuse Leap 42.1
668
VMScore
CVE-2017-12791
Directory traversal vulnerability in minion id validation in SaltStack Salt prior to 2016.11.7 and 2017.7.x prior to 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Saltstack Salt 2017.7.0
Saltstack Salt
668
VMScore
CVE-2019-1010259
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: sp...
Saltstack Salt 2018 3.0
Saltstack Salt 2019 2.0
187
VMScore
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Article
668
VMScore
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
1 Article
668
VMScore
CVE-2020-16846
An issue exists in SaltStack Salt up to and including 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
1 Article
409
VMScore
CVE-2021-25315
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local malicious users to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP ...
Saltstack Salt
605
VMScore
CVE-2018-1999027
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and previous versions in SaltAPIBuilder.java, SaltAPIStep.java that allows malicious users to capture credentials with a known credentials ID stored in Jenkins.
Jenkins Saltstack
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »