Search criteria
56 vulnerabilities by saltstack
CVE-2019-1010259 (GCVE-0-2019-1010259)
Vulnerability from cvelistv5 – Published: 2019-07-18 16:33 – Updated: 2024-08-05 03:07
VLAI?
Summary
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.
Severity ?
No CVSS data available.
CWE
- SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:18.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/pull/51462"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Salt",
"vendor": "SaltStack",
"versions": [
{
"status": "affected",
"version": "2018.3, 2019.2 [fixed: 2018.3.4]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T17:48:32",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saltstack/salt/pull/51462"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Salt",
"version": {
"version_data": [
{
"version_value": "2018.3, 2019.2 [fixed: 2018.3.4]"
}
]
}
}
]
},
"vendor_name": "SaltStack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534",
"refsource": "MISC",
"url": "https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534"
},
{
"name": "https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a",
"refsource": "MISC",
"url": "https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a"
},
{
"name": "https://github.com/saltstack/salt/pull/51462",
"refsource": "MISC",
"url": "https://github.com/saltstack/salt/pull/51462"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010259",
"datePublished": "2019-07-18T16:33:35",
"dateReserved": "2019-03-20T00:00:00",
"dateUpdated": "2024-08-05T03:07:18.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15750 (GCVE-0-2018-15750)
Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-08-05 10:01
VLAI?
Summary
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html"
},
{
"name": "[salt-users] 20181024 2018.3.3 Released - Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ"
},
{
"name": "[salt-users] 20181024 2017.7.8 Released - Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ"
},
{
"name": "openSUSE-SU-2020:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "[debian-lts-announce] 20200728 [SECURITY] [DLA 2294-1] salt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html"
},
{
"name": "USN-4459-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4459-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-19T18:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html"
},
{
"name": "[salt-users] 20181024 2018.3.3 Released - Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ"
},
{
"name": "[salt-users] 20181024 2017.7.8 Released - Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ"
},
{
"name": "openSUSE-SU-2020:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "[debian-lts-announce] 20200728 [SECURITY] [DLA 2294-1] salt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html"
},
{
"name": "USN-4459-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4459-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html"
},
{
"name": "[salt-users] 20181024 2018.3.3 Released - Security Advisory",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ"
},
{
"name": "[salt-users] 20181024 2017.7.8 Released - Security Advisory",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ"
},
{
"name": "openSUSE-SU-2020:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "[debian-lts-announce] 20200728 [SECURITY] [DLA 2294-1] salt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html"
},
{
"name": "USN-4459-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4459-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15750",
"datePublished": "2018-10-24T22:00:00",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15751 (GCVE-0-2018-15751)
Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-08-05 10:01
VLAI?
Summary
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html"
},
{
"name": "[salt-users] 20181024 2018.3.3 Released - Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ"
},
{
"name": "[salt-users] 20181024 2017.7.8 Released - Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ"
},
{
"name": "openSUSE-SU-2020:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "[debian-lts-announce] 20200728 [SECURITY] [DLA 2294-1] salt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html"
},
{
"name": "USN-4459-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4459-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-19T18:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html"
},
{
"name": "[salt-users] 20181024 2018.3.3 Released - Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ"
},
{
"name": "[salt-users] 20181024 2017.7.8 Released - Security Advisory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ"
},
{
"name": "openSUSE-SU-2020:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "[debian-lts-announce] 20200728 [SECURITY] [DLA 2294-1] salt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html"
},
{
"name": "USN-4459-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4459-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html"
},
{
"name": "[salt-users] 20181024 2018.3.3 Released - Security Advisory",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ"
},
{
"name": "[salt-users] 20181024 2017.7.8 Released - Security Advisory",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ"
},
{
"name": "openSUSE-SU-2020:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html"
},
{
"name": "[debian-lts-announce] 20200728 [SECURITY] [DLA 2294-1] salt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html"
},
{
"name": "USN-4459-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4459-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15751",
"datePublished": "2018-10-24T22:00:00",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7893 (GCVE-0-2017-7893)
Vulnerability from cvelistv5 – Published: 2018-04-23 22:00 – Updated: 2024-08-05 16:19
VLAI?
Summary
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:28.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-23T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7893",
"datePublished": "2018-04-23T22:00:00",
"dateReserved": "2017-04-17T00:00:00",
"dateUpdated": "2024-08-05T16:19:28.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14695 (GCVE-0-2017-14695)
Vulnerability from cvelistv5 – Published: 2017-10-24 17:00 – Updated: 2024-08-05 19:34
VLAI?
Summary
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html"
},
{
"name": "openSUSE-SU-2017:2824",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html"
},
{
"name": "openSUSE-SU-2017:2822",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500748"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html"
},
{
"name": "openSUSE-SU-2017:2824",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html"
},
{
"name": "openSUSE-SU-2017:2822",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500748"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html"
},
{
"name": "openSUSE-SU-2017:2824",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html"
},
{
"name": "openSUSE-SU-2017:2822",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1500748",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500748"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html"
},
{
"name": "https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14695",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2017-09-22T00:00:00",
"dateUpdated": "2024-08-05T19:34:39.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14696 (GCVE-0-2017-14696)
Vulnerability from cvelistv5 – Published: 2017-10-24 17:00 – Updated: 2024-08-05 19:34
VLAI?
Summary
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html"
},
{
"name": "openSUSE-SU-2017:2824",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html"
},
{
"name": "openSUSE-SU-2017:2822",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html"
},
{
"name": "openSUSE-SU-2017:2824",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html"
},
{
"name": "openSUSE-SU-2017:2822",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html"
},
{
"name": "openSUSE-SU-2017:2824",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html"
},
{
"name": "openSUSE-SU-2017:2822",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html"
},
{
"name": "https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1500742",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14696",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2017-09-22T00:00:00",
"dateUpdated": "2024-08-05T19:34:39.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6918 (GCVE-0-2015-6918)
Vulnerability from cvelistv5 – Published: 2017-10-10 16:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
salt before 2015.5.5 leaks git usernames and passwords to the log.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "salt before 2015.5.5 leaks git usernames and passwords to the log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "salt before 2015.5.5 leaks git usernames and passwords to the log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1257154",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6918",
"datePublished": "2017-10-10T16:00:00",
"dateReserved": "2015-09-11T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5192 (GCVE-0-2017-5192)
Vulnerability from cvelistv5 – Published: 2017-09-26 14:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T13:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html"
},
{
"name": "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5192",
"datePublished": "2017-09-26T14:00:00",
"dateReserved": "2017-01-06T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5200 (GCVE-0-2017-5200)
Vulnerability from cvelistv5 – Published: 2017-09-26 14:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt\u0027s ssh_client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T13:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt\u0027s ssh_client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html"
},
{
"name": "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5200",
"datePublished": "2017-09-26T14:00:00",
"dateReserved": "2017-01-06T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4017 (GCVE-0-2015-4017)
Vulnerability from cvelistv5 – Published: 2017-08-25 18:00 – Updated: 2024-08-06 06:04
VLAI?
Summary
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html"
},
{
"name": "[oss-security] 20150518 Re: [saltstack-security] CVE Request / Saltstack SSL verification disabling for alibabab cloud module",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/19/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/salt-users/8Kv1bytGD6c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222960"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T17:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html"
},
{
"name": "[oss-security] 20150518 Re: [saltstack-security] CVE Request / Saltstack SSL verification disabling for alibabab cloud module",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/19/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/salt-users/8Kv1bytGD6c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222960"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html"
},
{
"name": "[oss-security] 20150518 Re: [saltstack-security] CVE Request / Saltstack SSL verification disabling for alibabab cloud module",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/19/2"
},
{
"name": "https://groups.google.com/forum/#!topic/salt-users/8Kv1bytGD6c",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/salt-users/8Kv1bytGD6c"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222960"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4017",
"datePublished": "2017-08-25T18:00:00",
"dateReserved": "2015-05-18T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12791 (GCVE-0-2017-12791)
Vulnerability from cvelistv5 – Published: 2017-08-23 14:00 – Updated: 2024-08-05 18:51
VLAI?
Summary
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/pull/42944"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399"
},
{
"name": "100384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100384"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-23T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/pull/42944"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399"
},
{
"name": "100384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100384"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/saltstack/salt/pull/42944",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/pull/42944"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399"
},
{
"name": "100384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100384"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1482006",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482006"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html"
},
{
"name": "https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12791",
"datePublished": "2017-08-23T14:00:00",
"dateReserved": "2017-08-10T00:00:00",
"dateUpdated": "2024-08-05T18:51:07.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6941 (GCVE-0-2015-6941)
Vulnerability from cvelistv5 – Published: 2017-08-09 16:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.5.6.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-09T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.5.6.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2015.5.6.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.5.6.html"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273066",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273066"
},
{
"name": "https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710",
"refsource": "CONFIRM",
"url": "https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6941",
"datePublished": "2017-08-09T16:00:00",
"dateReserved": "2015-09-15T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8109 (GCVE-0-2017-8109)
Vulnerability from cvelistv5 – Published: 2017-04-25 17:00 – Updated: 2024-08-05 16:27
VLAI?
Summary
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/issues/40075"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/pull/40609"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1035912"
},
{
"name": "98095",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98095"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-02T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/issues/40075"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/pull/40609"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1035912"
},
{
"name": "98095",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98095"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/pull/40609/commits/6e34c2b5e5e849302af7ccd00509929c3809c658"
},
{
"name": "https://github.com/saltstack/salt/issues/40075",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/issues/40075"
},
{
"name": "https://github.com/saltstack/salt/pull/40609",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/pull/40609"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1035912",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1035912"
},
{
"name": "98095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98095"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8109",
"datePublished": "2017-04-25T17:00:00",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-08-05T16:27:22.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1838 (GCVE-0-2015-1838)
Vulnerability from cvelistv5 – Published: 2017-04-13 14:00 – Updated: 2024-08-06 04:54
VLAI?
Summary
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2016-105b3b8804",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-13T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2016-105b3b8804",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-105b3b8804",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212784",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212784"
},
{
"name": "https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1838",
"datePublished": "2017-04-13T14:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1839 (GCVE-0-2015-1839)
Vulnerability from cvelistv5 – Published: 2017-04-13 14:00 – Updated: 2024-08-06 04:54
VLAI?
Summary
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212788"
},
{
"name": "FEDORA-2016-105b3b8804",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-13T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212788"
},
{
"name": "FEDORA-2016-105b3b8804",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212788",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212788"
},
{
"name": "FEDORA-2016-105b3b8804",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html"
},
{
"name": "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1839",
"datePublished": "2017-04-13T14:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9639 (GCVE-0-2016-9639)
Vulnerability from cvelistv5 – Published: 2017-02-07 17:00 – Updated: 2024-08-06 02:59
VLAI?
Summary
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161125 CVE Request: salt confidentiality issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/25/2"
},
{
"name": "94553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key"
},
{
"name": "[oss-security] 20161125 Re: CVE Request: salt confidentiality issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/25/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-08T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20161125 CVE Request: salt confidentiality issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/25/2"
},
{
"name": "94553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key"
},
{
"name": "[oss-security] 20161125 Re: CVE Request: salt confidentiality issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/25/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161125 CVE Request: salt confidentiality issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/25/2"
},
{
"name": "94553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94553"
},
{
"name": "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key"
},
{
"name": "[oss-security] 20161125 Re: CVE Request: salt confidentiality issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/25/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9639",
"datePublished": "2017-02-07T17:00:00",
"dateReserved": "2016-11-25T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3176 (GCVE-0-2016-3176)
Vulnerability from cvelistv5 – Published: 2017-01-31 19:00 – Updated: 2024-08-05 23:47
VLAI?
Summary
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:58.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-31T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3176",
"datePublished": "2017-01-31T19:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:58.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8034 (GCVE-0-2015-8034)
Vulnerability from cvelistv5 – Published: 2017-01-30 22:00 – Updated: 2024-08-06 08:06
VLAI?
Summary
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96390"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96390"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96390"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8034",
"datePublished": "2017-01-30T22:00:00",
"dateReserved": "2015-11-02T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1866 (GCVE-0-2016-1866)
Vulnerability from cvelistv5 – Published: 2016-04-12 14:00 – Updated: 2024-08-05 23:10
VLAI?
Summary
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:39.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html"
},
{
"name": "openSUSE-SU-2016:0694",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-12T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html"
},
{
"name": "openSUSE-SU-2016:0694",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00034.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html"
},
{
"name": "openSUSE-SU-2016:0694",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00034.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1866",
"datePublished": "2016-04-12T14:00:00",
"dateReserved": "2016-01-13T00:00:00",
"dateUpdated": "2024-08-05T23:10:39.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3563 (GCVE-0-2014-3563)
Vulnerability from cvelistv5 – Published: 2014-08-22 17:00 – Updated: 2024-08-06 10:50
VLAI?
Summary
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "salt-cve20143563-symlink(95392)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95392"
},
{
"name": "[oss-security] 20140821 Revised: Salt 2014.1.10 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/428"
},
{
"name": "69319",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69319"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "salt-cve20143563-symlink(95392)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95392"
},
{
"name": "[oss-security] 20140821 Revised: Salt 2014.1.10 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/428"
},
{
"name": "69319",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69319"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3563",
"datePublished": "2014-08-22T17:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4436 (GCVE-0-2013-4436)
Vulnerability from cvelistv5 – Published: 2013-11-05 18:00 – Updated: 2024-09-16 22:41
VLAI?
Summary
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:13.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-05T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"name": "http://docs.saltstack.com/topics/releases/0.17.1.html",
"refsource": "CONFIRM",
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4436",
"datePublished": "2013-11-05T18:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-16T22:41:15.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4435 (GCVE-0-2013-4435)
Vulnerability from cvelistv5 – Published: 2013-11-05 18:00 – Updated: 2024-09-17 01:36
VLAI?
Summary
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:13.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-05T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"name": "http://docs.saltstack.com/topics/releases/0.17.1.html",
"refsource": "CONFIRM",
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4435",
"datePublished": "2013-11-05T18:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-17T01:36:05.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6617 (GCVE-0-2013-6617)
Vulnerability from cvelistv5 – Published: 2013-11-05 18:00 – Updated: 2024-09-17 02:02
VLAI?
Summary
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-05T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.saltstack.com/topics/releases/0.17.1.html",
"refsource": "CONFIRM",
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6617",
"datePublished": "2013-11-05T18:00:00Z",
"dateReserved": "2013-11-05T00:00:00Z",
"dateUpdated": "2024-09-17T02:02:10.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4437 (GCVE-0-2013-4437)
Vulnerability from cvelistv5 – Published: 2013-11-05 18:00 – Updated: 2024-09-17 04:04
VLAI?
Summary
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to \"insecure Usage of /tmp.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-05T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to \"insecure Usage of /tmp.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"name": "http://docs.saltstack.com/topics/releases/0.17.1.html",
"refsource": "CONFIRM",
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4437",
"datePublished": "2013-11-05T18:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-17T04:04:59.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4439 (GCVE-0-2013-4439)
Vulnerability from cvelistv5 – Published: 2013-11-05 18:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saltstack/salt/pull/7356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-05T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saltstack/salt/pull/7356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"name": "https://github.com/saltstack/salt/pull/7356",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/pull/7356"
},
{
"name": "http://docs.saltstack.com/topics/releases/0.17.1.html",
"refsource": "CONFIRM",
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4439",
"datePublished": "2013-11-05T18:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-16T16:18:55.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4438 (GCVE-0-2013-4438)
Vulnerability from cvelistv5 – Published: 2013-11-05 18:00 – Updated: 2024-09-17 03:54
VLAI?
Summary
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-05T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"name": "http://docs.saltstack.com/topics/releases/0.17.1.html",
"refsource": "CONFIRM",
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4438",
"datePublished": "2013-11-05T18:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-17T03:54:13.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}