Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-25282
An issue exists in through SaltStack Salt prior to 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
4.4
CVSSv3
CVE-2021-25284
An issue exists in through SaltStack Salt prior to 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2021-3148
An issue exists in SaltStack Salt prior to 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.5
CVSSv3
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Article
9.8
CVSSv3
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
1 Article
9.8
CVSSv3
CVE-2020-16846
An issue exists in SaltStack Salt up to and including 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
1 Article
9.8
CVSSv3
CVE-2020-11651
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user toke...
Saltstack Salt
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Vmware Application Remote Collector 8.0.0
Vmware Application Remote Collector 7.5.0
17 Github repositories
4 Articles
6.5
CVSSv3
CVE-2020-11652
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Saltstack Salt
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Blackberry Workspaces Server 9.1.0
Blackberry Workspaces Server
Vmware Application Remote Collector 8.0.0
Vmware Application Remote Collector 7.5.0
12 Github repositories
4 Articles
9.8
CVSSv3
CVE-2019-17361
In SaltStack Salt up to and including 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
5.3
CVSSv3
CVE-2020-2559
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework...
Oracle Siebel Ui Framework
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »