| CVE-2017-5200 |
high |
8.8 |
8.8 |
|
|
|
9y ago |
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. |
| CVE-2017-5192 |
high |
8.8 |
8.8 |
|
|
|
9y ago |
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all au… |
| CVE-2016-1866 |
high |
8.1 |
8.1 |
|
|
|
10y ago |
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master dat… |
| CVE-2017-8109 |
high |
7.8 |
7.8 |
|
|
|
9y ago |
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on co… |
| CVE-2017-14696 |
high |
7.5 |
7.5 |
|
|
|
4y ago |
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. |
| CVE-2015-4017 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. |
| CVE-2013-4438 |
high |
— |
7.5 |
|
|
|
13y ago |
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to … |
| CVE-2014-3563 |
high |
— |
7.2 |
|
|
|
12y ago |
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-s… |
| CVE-2020-16846 |
unknown |
— |
2.5 |
|
|
|
4y ago |
SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users runnin… |
| CVE-2020-11651 |
unknown |
— |
2.5 |
|
|
|
4y ago |
SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some m… |
| CVE-2020-11652 |
unknown |
— |
2.5 |
|
|
|
4y ago |
SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security … |
