Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack salt vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-20898
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters before 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disc...
Saltstack Salt
890
VMScore
CVE-2013-4437
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
Saltstack Salt 0.17.0
445
VMScore
CVE-2015-4017
Salt prior to 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
Saltstack Salt 2014.7.5
312
VMScore
CVE-2015-6918
salt prior to 2015.5.5 leaks git usernames and passwords to the log.
Saltstack Salt 2015
828
VMScore
CVE-2013-4436
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote malicious users to have unspecified impact via a man-in-the-middle (MITM) attack.
Saltstack Salt 0.17.0
409
VMScore
CVE-2015-1839
modules/chef.py in SaltStack prior to 2014.7.4 does not properly handle files in /tmp.
Saltstack Salt
Fedoraproject Fedora 23
409
VMScore
CVE-2015-1838
modules/serverdensity_device.py in SaltStack prior to 2014.7.4 does not properly handle files in /tmp.
Saltstack Salt
Fedoraproject Fedora 23
392
VMScore
CVE-2021-22004
An issue exists in SaltStack Salt prior to 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion softwa...
Saltstack Salt
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
410
VMScore
CVE-2021-31607
In SaltStack Salt 2016.9 up to and including 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master...
Saltstack Salt
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
605
VMScore
CVE-2019-17361
In SaltStack Salt up to and including 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »