Search CVE reports
41 – 50 of 59 results
CVE-2017-5200
Medium priority
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a...
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | Not in release | Not affected | Not in release | Not affected | Vulnerable |
CVE-2017-5192
Medium priority
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to...
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | Not in release | Not affected | Not in release | Not affected | Vulnerable |
CVE-2015-4017
Medium priority
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | — | — | Not affected | Not affected |
CVE-2017-12791
Medium priority
Some fixes available 2 of 4
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | Not affected | Not in release | Not affected | Fixed |
CVE-2015-6941
Medium priority
Some fixes available 1 of 3
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | — | — | Not affected | Not affected |
CVE-2017-8109
Medium priority
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | — | — | Not affected | Not affected |
CVE-2015-1839
Low priority
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | — | — | Not affected | Not affected |
CVE-2015-1838
Low priority
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | — | — | Not affected | Not affected |
CVE-2016-9639
Medium priority
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | Not in release | Not affected | Not in release | Not affected | Vulnerable |
CVE-2016-3176
High priority
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | Not in release | Not affected | Not in release | Not affected | Not affected |