| CVE-2013-6617 |
critical |
— |
10.0 |
|
|
|
13y ago |
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. |
| CVE-2013-4437 |
critical |
— |
10.0 |
|
|
|
13y ago |
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp." |
| CVE-2017-14695 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials … |
| CVE-2017-12791 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master … |
| CVE-2015-6941 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. |
| CVE-2013-4436 |
critical |
— |
9.3 |
|
|
|
13y ago |
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle … |
| CVE-2016-9639 |
critical |
9.1 |
9.1 |
|
|
|
9y ago |
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. |
| CVE-2015-6918 |
medium |
6.3 |
6.3 |
|
|
|
9y ago |
salt before 2015.5.5 leaks git usernames and passwords to the log. |
| CVE-2013-4435 |
medium |
— |
6.0 |
|
|
|
13y ago |
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another rou… |
| CVE-2016-3176 |
medium |
5.6 |
5.6 |
|
|
|
10y ago |
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with … |
| CVE-2015-1839 |
medium |
5.3 |
5.3 |
|
|
|
4y ago |
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. |
| CVE-2015-1838 |
medium |
5.3 |
5.3 |
|
|
|
9y ago |
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. |
| CVE-2013-4439 |
medium |
— |
4.9 |
|
|
|
13y ago |
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. |
| CVE-2020-16846 |
unknown |
— |
2.5 |
|
|
|
4y ago |
SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users runnin… |
| CVE-2020-11651 |
unknown |
— |
2.5 |
|
|
|
4y ago |
SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some m… |
| CVE-2020-11652 |
unknown |
— |
2.5 |
|
|
|
4y ago |
SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security … |
