saltstack salt vulnerabilities and exploits
5.3
CVSSv3
CVE-2018-15750
Directory Traversal vulnerability in salt-api in SaltStack Salt prior to 2017.7.8 and 2018.3.x prior to 2018.3.3 allows remote malicious users to determine which files exist on the server.
Saltstack Salt
5.3
CVSSv3
CVE-2015-1838
modules/serverdensity_device.py in SaltStack prior to 2014.7.4 does not properly handle files in /tmp.
Saltstack Salt
Fedoraproject Fedora 23
5.3
CVSSv3
CVE-2015-1839
modules/chef.py in SaltStack prior to 2014.7.4 does not properly handle files in /tmp.
Saltstack Salt
Fedoraproject Fedora 23
4.4
CVSSv3
CVE-2021-25284
An issue exists in SaltStack Salt prior to 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
3.7
CVSSv3
CVE-2022-22935
An issue exists in SaltStack Salt in versions prior to 3002.8, 3003.4, 3004.1. A minion authentication denial of service allows a MiTM malicious user to force a minion process to stop by impersonating a master.
Saltstack Salt
3.3
CVSSv3
CVE-2015-8034
The state.sls function in Salt prior to 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
Saltstack Salt
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed another room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
NA
CVE-2014-3563
Multiple unspecified vulnerabilities in Salt (aka SaltStack) prior to 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
Saltstack Salt
NA
CVE-2013-4435
Salt (aka SaltStack) 0.15.0 up to and including 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
Saltstack Salt 0.15.0
Saltstack Salt 0.15.1
Saltstack Salt 0.17.0
Saltstack Salt 0.16.0
Saltstack Salt 0.16.3
Saltstack Salt 0.16.2
Saltstack Salt 0.16.4
NA
CVE-2013-4437
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
Saltstack Salt 0.17.0