usn-4769-1
Vulnerability from osv_ubuntu
It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)
Andreas Stieger discovered that Salt exposed git usernames and passwords in log files. An attacker could use this issue to retrieve sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).
It was discovered that Salt exposed password authentication credentials in log files. An attacker could use this issue to retrieve sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6941)
It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this issue to cause a DoS or possibly execute arbitrary code. (CVE-2017-12791, CVE-2017-14695, CVE-2017-14696)
It was discovered that Salt allowed remote attackers to determine which files exist on the server. An attacker could use this issue to extract sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-15750)
It was discovered that Salt allowed users to bypass authentication. An attacker could use this issue to extract sensitive information, execute arbitrary code or crash the server. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-15751)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2014-3563",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-6918",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-6941",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-12791",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-14695",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-14696",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "salt-common",
"binary_version": "0.17.5+ds-1ubuntu0.1~esm1"
},
{
"binary_name": "salt-master",
"binary_version": "0.17.5+ds-1ubuntu0.1~esm1"
},
{
"binary_name": "salt-minion",
"binary_version": "0.17.5+ds-1ubuntu0.1~esm1"
},
{
"binary_name": "salt-ssh",
"binary_version": "0.17.5+ds-1ubuntu0.1~esm1"
},
{
"binary_name": "salt-syndic",
"binary_version": "0.17.5+ds-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "salt",
"purl": "pkg:deb/ubuntu/salt@0.17.5+ds-1ubuntu0.1~esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.17.5+ds-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.16.0-1",
"0.16.4-2",
"0.17.1+dfsg-1",
"0.17.2-1",
"0.17.2-2",
"0.17.2-3",
"0.17.4-1",
"0.17.4-2",
"0.17.5-1",
"0.17.5+ds-1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2017-12791",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-14695",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-14696",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-15750",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-15751",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "salt-api",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm1"
},
{
"binary_name": "salt-cloud",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm1"
},
{
"binary_name": "salt-common",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm1"
},
{
"binary_name": "salt-master",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm1"
},
{
"binary_name": "salt-minion",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm1"
},
{
"binary_name": "salt-proxy",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm1"
},
{
"binary_name": "salt-ssh",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm1"
},
{
"binary_name": "salt-syndic",
"binary_version": "2015.8.8+ds-1ubuntu0.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "salt",
"purl": "pkg:deb/ubuntu/salt@2015.8.8+ds-1ubuntu0.1+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2015.8.8+ds-1ubuntu0.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2015.5.3+ds-1",
"2015.8.1+ds-2",
"2015.8.3+ds-1",
"2015.8.3+ds-2",
"2015.8.3+ds-3",
"2015.8.5+ds-1",
"2015.8.7+ds-1",
"2015.8.8+ds-1",
"2015.8.8+ds-1ubuntu0.1~esm1",
"2015.8.8+ds-1ubuntu0.1"
]
}
],
"aliases": [],
"details": "It was discovered that Salt allowed remote attackers to write to\narbitrary files via a special crafted file. An attacker could use this\nvulnerability to cause a DoS or possibly execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)\n\nAndreas Stieger discovered that Salt exposed git usernames and passwords\nin log files. An attacker could use this issue to retrieve sensitive\ninformation. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).\n\nIt was discovered that Salt exposed password authentication\ncredentials in log files. An attacker could use this issue to retrieve\nsensitive information. This issue only affected Ubuntu 14.04 ESM.\n(CVE-2015-6941)\n\nIt was discovered that Salt allowed remote attackers to write to\narbitrary files via a special crafted file. An attacker could use this \nissue to cause a DoS or possibly execute arbitrary code. (CVE-2017-12791,\nCVE-2017-14695, CVE-2017-14696)\n\nIt was discovered that Salt allowed remote attackers to determine which\nfiles exist on the server. An attacker could use this issue to extract\nsensitive information. This issue only affected Ubuntu 16.04 ESM.\n(CVE-2018-15750)\n\nIt was discovered that Salt allowed users to bypass authentication. An\nattacker could use this issue to extract sensitive information, execute\narbitrary code or crash the server. This issue only affected Ubuntu 16.04\nESM. (CVE-2018-15751)",
"id": "USN-4769-1",
"modified": "2026-06-29T10:52:48Z",
"published": "2021-03-15T20:11:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4769-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-3563"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-6918"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-6941"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-12791"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-14695"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-14696"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-15750"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-15751"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "salt vulnerabilities",
"upstream": [
"UBUNTU-CVE-2014-3563",
"UBUNTU-CVE-2015-6918",
"UBUNTU-CVE-2015-6941",
"UBUNTU-CVE-2017-12791",
"UBUNTU-CVE-2017-14695",
"UBUNTU-CVE-2017-14696",
"UBUNTU-CVE-2018-15750",
"UBUNTU-CVE-2018-15751"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.