salt

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Unknown
Version Removed

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2356 3003.2-1 3003.3-1 Medium Not affected
AVG-2355 3002.6-1 3003-1 High Fixed
AVG-2354 3003.2-1 3003.3-1 Medium Fixed
AVG-1677 3002.5-3 Medium Not affected
AVG-1624 2019.2.7-1 3002.5-3 High Fixed
AVG-1262 2019.2.4-1 2019.2.7-1 Critical Fixed
AVG-1147 2019.2.3-1 2019.2.4-1 Critical Fixed
AVG-1087 2019.2.2-1 2019.2.3-1 Medium Fixed
AVG-438 2017.7.1-1 2017.7.2-1 Medium Fixed
AVG-383 2017.7.0-1 2017.7.1-1 Medium Fixed
AVG-159 2016.11.1-1 2016.11.2-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-31607 AVG-2355 High No Privilege escalation
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a...
CVE-2021-25315 AVG-1677 Medium No Authentication bypass
An incorrect implementation of authentication algorithm vulnerability allows local attackers to execute arbitrary code via salt without the need to specify...
CVE-2021-25284 AVG-1624 Medium No Information disclosure
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-25283 AVG-1624 High Yes Cross-site scripting
An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
CVE-2021-25282 AVG-1624 Medium Yes Directory traversal
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
CVE-2021-25281 AVG-1624 High Yes Access restriction bypass
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can...
CVE-2021-22004 AVG-2356 Medium No Insufficient validation
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is...
CVE-2021-21996 AVG-2354 Medium Yes Arbitrary filesystem access
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root...
CVE-2021-3197 AVG-1624 High Yes Arbitrary command execution
An issue was discovered in SaltStack Salt before 3002.5. The salt- api's ssh client is vulnerable to a shell injection by including ProxyCommand in an...
CVE-2021-3148 AVG-1624 Medium Yes Arbitrary command execution
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command...
CVE-2021-3144 AVG-1624 High Yes Insufficient validation
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2020-35662 AVG-1624 High Yes Certificate verification bypass
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
CVE-2020-28972 AVG-1624 High Yes Certificate verification bypass
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS...
CVE-2020-28243 AVG-1624 High No Privilege escalation
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This...
CVE-2020-25592 AVG-1262 Critical Yes Arbitrary command execution
An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the SSH client, an unauthenticated user can gain access to run commands...
CVE-2020-17490 AVG-1262 Low Yes Access restriction bypass
An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the functions create_ca, create_csr, and create_self_signed_cert in the...
CVE-2020-16846 AVG-1262 High Yes Arbitrary command execution
An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where an unauthenticated user with network access to the Salt API can use shell injections...
CVE-2020-11652 AVG-1147 Critical Yes Arbitrary filesystem access
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods...
CVE-2020-11651 AVG-1147 Critical Yes Arbitrary command execution
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method...
CVE-2019-17361 AVG-1087 Medium Yes Arbitrary command execution
With the Salt NetAPI enabled in addition to having a SSH roster defined, unauthenticated access is possible when specifying the client as SSH. Additionally,...
CVE-2017-14696 AVG-438 Medium Yes Denial of service
It has been discovered that salt incorrectly handled IDs with null bytes in decoded payloads. A specially crafted authentication request will crash the...
CVE-2017-14695 AVG-438 Medium Yes Directory traversal
It has been discovered that maliciously crafted minion IDs can cause unwanted directory traversals on the salt-master. The flaw is within the minion id...
CVE-2017-12791 AVG-383 Medium Yes Directory traversal
It has been discovered that maliciously crafted minion IDs can cause unwanted directory traversals on the salt-master. The flaw is within the minion id...
CVE-2017-5200 AVG-159 High Yes Arbitrary command execution
Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt...
CVE-2017-5192 AVG-159 High No Arbitrary code execution
The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This...

Advisories

Date Advisory Group Severity Type
27 Feb 2021 ASA-202102-33 AVG-1624 High multiple issues
10 Nov 2020 ASA-202011-7 AVG-1262 Critical multiple issues
05 May 2020 ASA-202005-1 AVG-1147 Critical multiple issues
29 Jan 2020 ASA-202001-7 AVG-1087 Medium arbitrary command execution
09 Oct 2017 ASA-201710-12 AVG-438 Medium multiple issues
23 Aug 2017 ASA-201708-17 AVG-383 Medium directory traversal
31 Jan 2017 ASA-201701-41 AVG-159 High multiple issues