Search CVE reports



31 – 40 of 71 results


CVE-2021-25282

Medium priority

Some fixes available 2 of 8

An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2021-25281

Medium priority

Some fixes available 2 of 8

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2021-22004

Low priority
Needs evaluation

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to...

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Needs evaluation |

CVE-2021-21996

Medium priority
Needs evaluation

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source and source_hash URLs can gain full file system access as root on a salt minion.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Needs evaluation |

CVE-2020-35662

Medium priority

Some fixes available 2 of 8

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2020-28972

Medium priority

Some fixes available 2 of 8

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2020-28243

Medium priority

Some fixes available 1 of 7

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on...

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2020-25592

Medium priority

Some fixes available 2 of 8

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2020-17490

Medium priority

Some fixes available 2 of 7

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Not affected | Not in release | Fixed |

CVE-2020-16846

High priority

Some fixes available 3 of 7

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Not affected | Not in release | Fixed |