CVE-2021-31607 |
AVG-2355 |
High |
No |
Privilege escalation |
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a... |
CVE-2021-25315 |
AVG-1677 |
Medium |
No |
Authentication bypass |
An incorrect implementation of authentication algorithm vulnerability allows local attackers to execute arbitrary code via salt without the need to specify... |
CVE-2021-25284 |
AVG-1624 |
Medium |
No |
Information disclosure |
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. |
CVE-2021-25283 |
AVG-1624 |
High |
Yes |
Cross-site scripting |
An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. |
CVE-2021-25282 |
AVG-1624 |
Medium |
Yes |
Directory traversal |
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. |
CVE-2021-25281 |
AVG-1624 |
High |
Yes |
Access restriction bypass |
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can... |
CVE-2021-22004 |
AVG-2356 |
Medium |
No |
Insufficient validation |
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is... |
CVE-2021-21996 |
AVG-2354 |
Medium |
Yes |
Arbitrary filesystem access |
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root... |
CVE-2021-3197 |
AVG-1624 |
High |
Yes |
Arbitrary command execution |
An issue was discovered in SaltStack Salt before 3002.5. The salt- api's ssh client is vulnerable to a shell injection by including ProxyCommand in an... |
CVE-2021-3148 |
AVG-1624 |
Medium |
Yes |
Arbitrary command execution |
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command... |
CVE-2021-3144 |
AVG-1624 |
High |
Yes |
Insufficient validation |
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) |
CVE-2020-35662 |
AVG-1624 |
High |
Yes |
Certificate verification bypass |
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. |
CVE-2020-28972 |
AVG-1624 |
High |
Yes |
Certificate verification bypass |
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS... |
CVE-2020-28243 |
AVG-1624 |
High |
No |
Privilege escalation |
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This... |
CVE-2020-25592 |
AVG-1262 |
Critical |
Yes |
Arbitrary command execution |
An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the SSH client, an unauthenticated user can gain access to run commands... |
CVE-2020-17490 |
AVG-1262 |
Low |
Yes |
Access restriction bypass |
An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the functions create_ca, create_csr, and create_self_signed_cert in the... |
CVE-2020-16846 |
AVG-1262 |
High |
Yes |
Arbitrary command execution |
An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where an unauthenticated user with network access to the Salt API can use shell injections... |
CVE-2020-11652 |
AVG-1147 |
Critical |
Yes |
Arbitrary filesystem access |
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods... |
CVE-2020-11651 |
AVG-1147 |
Critical |
Yes |
Arbitrary command execution |
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method... |
CVE-2019-17361 |
AVG-1087 |
Medium |
Yes |
Arbitrary command execution |
With the Salt NetAPI enabled in addition to having a SSH roster defined, unauthenticated access is possible when specifying the client as SSH. Additionally,... |
CVE-2017-14696 |
AVG-438 |
Medium |
Yes |
Denial of service |
It has been discovered that salt incorrectly handled IDs with null bytes in decoded payloads. A specially crafted authentication request will crash the... |
CVE-2017-14695 |
AVG-438 |
Medium |
Yes |
Directory traversal |
It has been discovered that maliciously crafted minion IDs can cause unwanted directory traversals on the salt-master. The flaw is within the minion id... |
CVE-2017-12791 |
AVG-383 |
Medium |
Yes |
Directory traversal |
It has been discovered that maliciously crafted minion IDs can cause unwanted directory traversals on the salt-master. The flaw is within the minion id... |
CVE-2017-5200 |
AVG-159 |
High |
Yes |
Arbitrary command execution |
Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt... |
CVE-2017-5192 |
AVG-159 |
High |
No |
Arbitrary code execution |
The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This... |