Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack salt vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-15750
Directory Traversal vulnerability in salt-api in SaltStack Salt prior to 2017.7.8 and 2018.3.x prior to 2018.3.3 allows remote malicious users to determine which files exist on the server.
Saltstack Salt
5
CVSSv2
CVE-2017-14696
SaltStack Salt prior to 2016.3.8, 2016.11.x prior to 2016.11.8, and 2017.7.x prior to 2017.7.2 allows remote malicious users to cause a denial of service via a crafted authentication request.
Saltstack Salt
Saltstack Salt 2016.11
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.2
Saltstack Salt 2017.7.0
Saltstack Salt 2016.11.4
Saltstack Salt 2016.11.5
Saltstack Salt 2016.11.6
Saltstack Salt 2016.11.7
Saltstack Salt 2016.11.3
Saltstack Salt 2017.7.1
5
CVSSv2
CVE-2015-4017
Salt prior to 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
Saltstack Salt 2014.7.5
5
CVSSv2
CVE-2015-6941
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x prior to 2015.5.6, and 2015.8.x prior to 2015.8.1 leak password information in debug logs.
Saltstack Salt 2015 8.0
Saltstack Salt 2015 5.0
Saltstack Salt 2015 5.5
Saltstack Salt 2015 5.2
Saltstack Salt 2015 5.4
Saltstack Salt 2015 5.1
Saltstack Salt 2015 5.3
4.9
CVSSv2
CVE-2013-4439
Salt (aka SaltStack) prior to 0.15.0 up to and including 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
Saltstack Salt 0.15.0
Saltstack Salt 0.15.1
Saltstack Salt 0.16.0
Saltstack Salt 0.16.2
Saltstack Salt 0.16.3
Saltstack Salt 0.16.4
Saltstack Salt 0.17.0
4.6
CVSSv2
CVE-2021-31607
In SaltStack Salt 2016.9 up to and including 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master...
Saltstack Salt
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
4.6
CVSSv2
CVE-2021-25315
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local malicious users to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP ...
Saltstack Salt
4.6
CVSSv2
CVE-2015-1838
modules/serverdensity_device.py in SaltStack prior to 2014.7.4 does not properly handle files in /tmp.
Saltstack Salt
Fedoraproject Fedora 23
4.6
CVSSv2
CVE-2015-1839
modules/chef.py in SaltStack prior to 2014.7.4 does not properly handle files in /tmp.
Saltstack Salt
Fedoraproject Fedora 23
4.4
CVSSv2
CVE-2021-22004
An issue exists in SaltStack Salt prior to 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion softwa...
Saltstack Salt
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »