Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack salt vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv2
CVE-2020-28243
An issue exists in SaltStack Salt prior to 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
1 Article
4.3
CVSSv2
CVE-2022-22935
An issue exists in SaltStack Salt in versions prior to 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM malicious user to force a minion process to stop by impersonating a master.
Saltstack Salt
4.3
CVSSv2
CVE-2020-28972
In SaltStack Salt prior to 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2016-3176
Salt prior to 2015.5.10 and 2015.8.x prior to 2015.8.8, when PAM external authentication is enabled, allows malicious users to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
Saltstack Salt 2015.8.7
Saltstack Salt 2015.8.5
Saltstack Salt 2015.8.4
Saltstack Salt 2015.8.3
Saltstack Salt 2015.8.1
Saltstack Salt
Saltstack Salt 2015.8.2
Saltstack Salt 2015.8.0
4
CVSSv2
CVE-2020-11652
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Saltstack Salt
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Blackberry Workspaces Server 9.1.0
Blackberry Workspaces Server
Vmware Application Remote Collector 8.0.0
Vmware Application Remote Collector 7.5.0
12 Github repositories
4 Articles
3.5
CVSSv2
CVE-2015-6918
salt prior to 2015.5.5 leaks git usernames and passwords to the log.
Saltstack Salt 2015
2.1
CVSSv2
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Article
2.1
CVSSv2
CVE-2017-8109
The salt-ssh minion code in SaltStack Salt 2016.11 prior to 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Saltstack Salt 2016.11.2
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.3
2.1
CVSSv2
CVE-2015-8034
The state.sls function in Salt prior to 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
Saltstack Salt
1.9
CVSSv2
CVE-2021-25284
An issue exists in through SaltStack Salt prior to 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »