| CVE-2013-6617 |
critical |
— |
10.0 |
|
|
|
13y ago |
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. |
| CVE-2013-4437 |
critical |
— |
10.0 |
|
|
|
13y ago |
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp." |
| CVE-2017-14695 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials … |
| CVE-2017-12791 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master … |
| CVE-2015-6941 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. |
| CVE-2013-4436 |
critical |
— |
9.3 |
|
|
|
13y ago |
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle … |
| CVE-2016-9639 |
critical |
9.1 |
9.1 |
|
|
|
9y ago |
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. |
| CVE-2015-6918 |
medium |
6.3 |
6.3 |
|
|
|
9y ago |
salt before 2015.5.5 leaks git usernames and passwords to the log. |
| CVE-2013-4435 |
medium |
— |
6.0 |
|
|
|
13y ago |
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another rou… |
| CVE-2016-3176 |
medium |
5.6 |
5.6 |
|
|
|
10y ago |
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with … |
| CVE-2015-1839 |
medium |
5.3 |
5.3 |
|
|
|
4y ago |
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. |
| CVE-2015-1838 |
medium |
5.3 |
5.3 |
|
|
|
9y ago |
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. |
| CVE-2013-4439 |
medium |
— |
4.9 |
|
|
|
13y ago |
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. |
| CVE-2015-8034 |
low |
3.3 |
3.3 |
|
|
|
4y ago |
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. |
