Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack salt vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-14696
SaltStack Salt prior to 2016.3.8, 2016.11.x prior to 2016.11.8, and 2017.7.x prior to 2017.7.2 allows remote malicious users to cause a denial of service via a crafted authentication request.
Saltstack Salt
Saltstack Salt 2016.11
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.2
Saltstack Salt 2017.7.0
Saltstack Salt 2016.11.4
Saltstack Salt 2016.11.5
Saltstack Salt 2016.11.6
Saltstack Salt 2016.11.7
Saltstack Salt 2016.11.3
Saltstack Salt 2017.7.1
7.5
CVSSv3
CVE-2015-4017
Salt prior to 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
Saltstack Salt 2014.7.5
7.4
CVSSv3
CVE-2020-35662
In SaltStack Salt prior to 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.5
CVSSv3
CVE-2020-11652
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Saltstack Salt
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Blackberry Workspaces Server 9.1.0
Blackberry Workspaces Server
Vmware Application Remote Collector 8.0.0
Vmware Application Remote Collector 7.5.0
12 Github repositories
4 Articles
6.4
CVSSv3
CVE-2021-22004
An issue exists in SaltStack Salt prior to 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion softwa...
Saltstack Salt
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
6.3
CVSSv3
CVE-2015-6918
salt prior to 2015.5.5 leaks git usernames and passwords to the log.
Saltstack Salt 2015
5.9
CVSSv3
CVE-2020-28972
In SaltStack Salt prior to 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.6
CVSSv3
CVE-2016-3176
Salt prior to 2015.5.10 and 2015.8.x prior to 2015.8.8, when PAM external authentication is enabled, allows malicious users to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
Saltstack Salt 2015.8.7
Saltstack Salt 2015.8.5
Saltstack Salt 2015.8.4
Saltstack Salt 2015.8.3
Saltstack Salt 2015.8.1
Saltstack Salt
Saltstack Salt 2015.8.2
Saltstack Salt 2015.8.0
5.5
CVSSv3
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Article
5.3
CVSSv3
CVE-2023-20897
Salt masters before 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.
Saltstack Salt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »