IDCVSSSummaryLast (major) updatePublished
CVE-2018-15751 7.5
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
24-10-2018 - 18:29 24-10-2018 - 18:29
CVE-2018-15750 5.0
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
24-10-2018 - 18:29 24-10-2018 - 18:29
CVE-2017-7893 7.5
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
23-04-2018 - 18:29 23-04-2018 - 18:29
CVE-2017-14696 5.0
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
24-10-2017 - 13:29 24-10-2017 - 13:29
CVE-2017-14695 7.5
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID
24-10-2017 - 13:29 24-10-2017 - 13:29
CVE-2015-6918 3.5
salt before 2015.5.5 leaks git usernames and passwords to the log.
10-10-2017 - 12:29 10-10-2017 - 12:29
CVE-2017-5200 9.0
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
26-09-2017 - 10:29 26-09-2017 - 10:29
CVE-2017-5192 6.5
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
26-09-2017 - 10:29 26-09-2017 - 10:29
CVE-2015-4017 5.0
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
25-08-2017 - 14:29 25-08-2017 - 14:29
CVE-2017-12791 7.5
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
23-08-2017 - 10:29 23-08-2017 - 10:29
CVE-2015-6941 5.0
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
09-08-2017 - 12:29 09-08-2017 - 12:29
CVE-2017-8109 2.1
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
05-05-2017 - 13:58 25-04-2017 - 13:59
CVE-2015-1839 4.6
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
19-04-2017 - 15:36 13-04-2017 - 10:59
CVE-2015-1838 4.6
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
19-04-2017 - 15:35 13-04-2017 - 10:59
CVE-2015-8034 2.1
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
01-03-2017 - 21:59 30-01-2017 - 17:59
CVE-2016-9639 7.5
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
09-02-2017 - 17:08 07-02-2017 - 12:59
CVE-2016-3176 4.3
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
07-02-2017 - 13:41 31-01-2017 - 14:59
CVE-2016-1866 6.8
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.
21-04-2016 - 15:13 12-04-2016 - 10:59
CVE-2014-3563 7.2
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
27-08-2014 - 20:24 22-08-2014 - 13:55
CVE-2013-4435 6.0
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
07-11-2013 - 14:42 05-11-2013 - 13:55
CVE-2013-4436 9.3
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
07-11-2013 - 14:40 05-11-2013 - 13:55
CVE-2013-4437 10.0
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
07-11-2013 - 14:36 05-11-2013 - 13:55
CVE-2013-4438 7.5
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
07-11-2013 - 14:30 05-11-2013 - 13:55
CVE-2013-4439 4.9
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
06-11-2013 - 20:29 05-11-2013 - 13:55
CVE-2013-6617 10.0
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
06-11-2013 - 09:36 05-11-2013 - 13:55
Back to Top Mark selected
Back to Top