VIR Vulnerability Intelligence Relay

Package impact

python PyPI / salt

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2015-6918 medium 6.3 6.3 9y ago salt before 2015.5.5 leaks git usernames and passwords to the log. python
CVE-2013-4435 medium 6.0 13y ago Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another rou… python
CVE-2016-3176 medium 5.6 5.6 9y ago Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with … susepython
CVE-2015-1839 medium 5.3 5.3 4y ago modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. fedorapython
CVE-2015-1838 medium 5.3 5.3 9y ago modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. fedorapython
CVE-2013-4439 medium 4.9 13y ago Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. python
CVE-2015-8034 low 3.3 3.3 4y ago The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. susepython