VIR Vulnerability Intelligence Relay

Package impact

python PyPI / salt

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2013-6617 critical 10.0 13y ago The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. python
CVE-2013-4437 critical 10.0 13y ago Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp." python
CVE-2017-14695 critical 9.8 9.8 9y ago Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials … susepython
CVE-2017-12791 critical 9.8 9.8 9y ago Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master … susepython
CVE-2015-6941 critical 9.8 9.8 9y ago win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. python
CVE-2013-4436 critical 9.3 13y ago The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle … python
CVE-2016-9639 critical 9.1 9.1 9y ago Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. susepython
CVE-2017-5200 high 8.8 8.8 9y ago Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. susepython
CVE-2017-5192 high 8.8 8.8 9y ago When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all au… python
CVE-2016-1866 high 8.1 8.1 10y ago Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master dat… susepython
CVE-2017-8109 high 7.8 7.8 9y ago The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on co… susepython
CVE-2017-14696 high 7.5 7.5 4y ago SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. susepython
CVE-2015-4017 high 7.5 7.5 9y ago Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. python
CVE-2013-4438 high 7.5 13y ago Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to … python
CVE-2014-3563 high 7.2 12y ago Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-s… python
CVE-2015-6918 medium 6.3 6.3 9y ago salt before 2015.5.5 leaks git usernames and passwords to the log. python
CVE-2013-4435 medium 6.0 13y ago Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another rou… python
CVE-2016-3176 medium 5.6 5.6 9y ago Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with … susepython
CVE-2015-1839 medium 5.3 5.3 4y ago modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. fedorapython
CVE-2015-1838 medium 5.3 5.3 9y ago modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. fedorapython
CVE-2013-4439 medium 4.9 13y ago Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. python