Search CVE reports



21 – 30 of 59 results


CVE-2021-25282

Medium priority

Some fixes available 2 of 8

An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

1 affected package

salt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
salt | Not in release | Needs evaluation | Not in release | Fixed | Fixed

CVE-2021-25281

Medium priority

Some fixes available 2 of 8

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

1 affected package

salt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
salt | Not in release | Needs evaluation | Not in release | Fixed | Fixed

CVE-2020-35662

Medium priority

Some fixes available 2 of 8

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

1 affected package

salt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
salt | Not in release | Needs evaluation | Not in release | Fixed | Fixed

CVE-2020-28972

Medium priority

Some fixes available 2 of 8

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

1 affected package

salt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
salt | Not in release | Needs evaluation | Not in release | Fixed | Fixed

CVE-2020-28243

Medium priority

Some fixes available 1 of 7

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on...

1 affected package

salt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
salt | Not in release | Needs evaluation | Not in release | Fixed | Not affected

CVE-2020-25592

Medium priority

Some fixes available 2 of 8

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

1 affected package

salt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
salt | Not in release | Needs evaluation | Not in release | Fixed | Fixed

CVE-2020-17490

Medium priority

Some fixes available 2 of 8

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

1 affected package

salt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
salt | Not in release | Needs evaluation | Not in release | Fixed | Fixed

CVE-2020-16846

High priority

Some fixes available 2 of 8

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

1 affected package

salt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
salt | Not in release | Needs evaluation | Not in release | Fixed | Fixed

CVE-2020-11652

Medium priority

Some fixes available 3 of 4

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory...

1 affected package

salt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
salt | Not in release | Not affected | Not in release | Fixed | Fixed

CVE-2020-11651

Medium priority

Some fixes available 3 of 4

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods...

1 affected package

salt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
salt | Not in release | Not affected | Not in release | Fixed | Fixed