| CVE-2020-16846 |
unknown |
— |
2.5 |
|
|
|
4y ago |
SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users runnin… |
| CVE-2020-11651 |
unknown |
— |
2.5 |
|
|
|
4y ago |
SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some m… |
| CVE-2020-11652 |
unknown |
— |
2.5 |
|
|
|
4y ago |
SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security … |
| CVE-2021-25282 |
unknown |
— |
1.0 |
|
|
|
4y ago |
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. |
| CVE-2021-25281 |
unknown |
— |
1.0 |
|
|
|
4y ago |
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the mast… |
| CVE-2020-25592 |
unknown |
— |
1.0 |
|
|
|
4y ago |
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. |
