Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2020-35662
In SaltStack Salt prior to 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2021-3144
In SaltStack Salt prior to 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2021-3197
An issue exists in SaltStack Salt prior to 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
1 Article
7.5
CVSSv2
CVE-2020-16846
An issue exists in SaltStack Salt up to and including 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
1 Article
2.1
CVSSv2
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Article
7.5
CVSSv2
CVE-2020-11651
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user toke...
Saltstack Salt
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Vmware Application Remote Collector 8.0.0
Vmware Application Remote Collector 7.5.0
17 Github repositories
4 Articles
4
CVSSv2
CVE-2020-11652
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Saltstack Salt
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Blackberry Workspaces Server 9.1.0
Blackberry Workspaces Server
Vmware Application Remote Collector 8.0.0
Vmware Application Remote Collector 7.5.0
12 Github repositories
4 Articles
6.8
CVSSv2
CVE-2019-17361
In SaltStack Salt up to and including 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
5
CVSSv2
CVE-2020-2559
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework...
Oracle Siebel Ui Framework
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »