VIR Vulnerability Intelligence Relay

Package impact

python PyPI / salt

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2013-6617 critical 10.0 13y ago The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. python
CVE-2013-4437 critical 10.0 13y ago Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp." python
CVE-2017-14695 critical 9.8 9.8 9y ago Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials … susepython
CVE-2017-12791 critical 9.8 9.8 9y ago Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master … susepython
CVE-2015-6941 critical 9.8 9.8 9y ago win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. python
CVE-2013-4436 critical 9.3 13y ago The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle … python
CVE-2016-9639 critical 9.1 9.1 9y ago Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. susepython