Skip to main content

Salt

46 CVEs product

Monthly

CVE-2024-38824 PyPI CRITICAL PATCH Act Now

Directory traversal vulnerability in the recv_file method that permits authenticated attackers to write arbitrary files to the master cache directory, potentially leading to code execution or system compromise. The vulnerability affects products using vulnerable file reception mechanisms and carries a critical CVSS 9.6 score with network accessibility and low complexity. While specific KEV/EPSS data was not provided in the intelligence briefing, the combination of high CVSS, low attack complexity, and authenticated-but-common access vectors suggests elevated real-world risk.

Path Traversal Salt Suse
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2023-20898 PyPI HIGH PATCH This Week

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Rated high severity (CVSS 7.8). No vendor patch available.

Denial Of Service Salt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-20897 PyPI MEDIUM PATCH This Month

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-22967 PyPI HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-22941 PyPI HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-22936 PyPI HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-22935 PyPI LOW PATCH Monitor

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Authentication Bypass Salt
NVD GitHub
CVSS 3.1
3.7
EPSS
1.6%
CVE-2022-22934 PyPI HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-22004 PyPI MEDIUM PATCH This Month

An issue was discovered in SaltStack Salt before 3003.3. Rated medium severity (CVSS 6.4).

Information Disclosure Race Condition Salt Fedora
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2021-21996 PyPI HIGH PATCH This Week

An issue was discovered in SaltStack Salt before 3003.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Salt Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-31607 PyPI HIGH POC PATCH This Week

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Command Injection Salt Fedora
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2021-25315 PyPI HIGH PATCH This Week

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Salt
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-3197 PyPI CRITICAL PATCH Act Now

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
72.3%
CVE-2021-3148 PyPI CRITICAL PATCH Act Now

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
8.2%
CVE-2021-3144 PyPI CRITICAL PATCH Act Now

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
5.2%
CVE-2021-25284 PyPI MEDIUM PATCH This Month

An issue was discovered in through SaltStack Salt before 3002.5. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2021-25283 PyPI CRITICAL PATCH Act Now

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
10.4%
CVE-2021-25282 PyPI CRITICAL POC PATCH THREAT Emergency

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
92.3%
CVE-2021-25281 PyPI CRITICAL POC PATCH THREAT Emergency

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
72.9%
CVE-2020-25592 PyPI CRITICAL POC PATCH THREAT Emergency

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Salt Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
57.5%
CVE-2020-17490 PyPI MEDIUM PATCH This Month

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Salt Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-16846 PyPI CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt through 3002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salt Debian Linux Fedora Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
99.6%
CVE-2020-11652 PyPI MEDIUM POC KEV PATCH THREAT This Month

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Salt Leap Debian Linux Ubuntu Linux +2
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
86.1%
CVE-2020-11651 PyPI CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Salt Leap Debian Linux Ubuntu Linux +1
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
96.4%
CVE-2018-15751 PyPI CRITICAL PATCH Act Now

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-15750 PyPI MEDIUM PATCH This Month

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Salt
NVD
CVSS 3.0
5.3
EPSS
4.2%
CVE-2017-14696 PyPI HIGH PATCH This Week

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Salt
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-14695 PyPI CRITICAL PATCH Act Now

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Salt
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-5200 PyPI HIGH PATCH This Week

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Salt
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2017-5192 PyPI HIGH PATCH This Week

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-4017 PyPI HIGH PATCH This Week

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Splunk Information Disclosure Salt
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-12791 PyPI CRITICAL PATCH GHSA Act Now

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Salt
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-8109 PyPI HIGH PATCH This Week

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Salt
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-1839 PyPI MEDIUM PATCH This Month

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Information Disclosure Salt Fedora
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2015-1838 PyPI MEDIUM PATCH This Month

modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Information Disclosure Salt Fedora
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-9639 PyPI CRITICAL PATCH Act Now

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Salt
NVD
CVSS 3.0
9.1
EPSS
0.8%
CVE-2016-3176 PyPI MEDIUM PATCH This Month

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD
CVSS 3.0
5.6
EPSS
0.2%
CVE-2015-8034 PyPI LOW PATCH Monitor

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Salt
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-1866 PyPI HIGH PATCH This Week

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Authentication Bypass Salt Leap
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2014-3563 PyPI HIGH PATCH This Week

Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Salt
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-6617 PyPI CRITICAL PATCH Act Now

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Salt
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2013-4439 PyPI MEDIUM PATCH This Month

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Salt
NVD GitHub
CVSS 2.0
4.9
EPSS
0.2%
CVE-2013-4438 PyPI HIGH PATCH This Week

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Salt
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-4437 PyPI CRITICAL PATCH Act Now

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Salt
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2013-4436 PyPI CRITICAL PATCH Act Now

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Salt
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-4435 PyPI MEDIUM PATCH This Month

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD
CVSS 2.0
6.0
EPSS
0.3%
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Directory traversal vulnerability in the recv_file method that permits authenticated attackers to write arbitrary files to the master cache directory, potentially leading to code execution or system compromise. The vulnerability affects products using vulnerable file reception mechanisms and carries a critical CVSS 9.6 score with network accessibility and low complexity. While specific KEV/EPSS data was not provided in the intelligence briefing, the combination of high CVSS, low attack complexity, and authenticated-but-common access vectors suggests elevated real-world risk.

Path Traversal Salt Suse
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Rated high severity (CVSS 7.8). No vendor patch available.

Denial Of Service Salt
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD GitHub
EPSS 2% CVSS 3.7
LOW PATCH Monitor

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Authentication Bypass Salt
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

An issue was discovered in SaltStack Salt before 3003.3. Rated medium severity (CVSS 6.4).

Information Disclosure Race Condition Salt +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in SaltStack Salt before 3003.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Salt Fedora +1
NVD
EPSS 4% CVSS 7.8
HIGH POC PATCH This Week

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Command Injection Salt +1
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Salt
NVD
EPSS 72% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Salt Fedora +1
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Salt Fedora +1
NVD GitHub
EPSS 5% CVSS 9.1
CRITICAL PATCH Act Now

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt Fedora +1
NVD GitHub
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An issue was discovered in through SaltStack Salt before 3002.5. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Salt Fedora +1
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Salt +2
NVD GitHub
EPSS 92% CVSS 9.1
CRITICAL POC PATCH THREAT Emergency

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Salt Fedora +1
NVD GitHub
EPSS 73% CVSS 9.8
CRITICAL POC PATCH THREAT Emergency

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Salt Fedora +1
NVD GitHub
EPSS 57% CVSS 9.8
CRITICAL POC PATCH THREAT Emergency

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Salt Debian Linux
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Salt Debian Linux
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt through 3002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salt Debian Linux +2
NVD GitHub
EPSS 86% CVSS 6.5
MEDIUM POC KEV PATCH THREAT This Month

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Salt Leap +4
NVD GitHub Exploit-DB
EPSS 96% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Salt Leap +3
NVD GitHub Exploit-DB
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Salt
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Salt
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Salt
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Salt
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Splunk Information Disclosure Salt
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Salt
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Salt
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Information Disclosure Salt Fedora
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Information Disclosure Salt Fedora
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Salt
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Salt
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Authentication Bypass Salt +1
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Salt
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Salt
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Salt
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Salt
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Salt
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Salt
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy