Search CVE reports



31 – 40 of 71 results


CVE-2021-25284

Medium priority

Some fixes available 1 of 7

An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2021-25283

Medium priority

Some fixes available 2 of 8

An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server-side template injection attacks.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2021-25282

Medium priority

Some fixes available 2 of 8

An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2021-25281

Medium priority

Some fixes available 2 of 8

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2020-35662

Medium priority

Some fixes available 2 of 8

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2020-28972

Medium priority

Some fixes available 2 of 8

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2020-28243

Medium priority

Some fixes available 1 of 7

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on...

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2020-25592

Medium priority

Some fixes available 2 of 8

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Needs evaluation | Not in release | Fixed |

CVE-2020-17490

Medium priority

Some fixes available 2 of 7

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Not affected | Not in release | Fixed |

CVE-2020-16846

High priority

Some fixes available 3 of 7

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

1 affected package

salt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| salt | Not in release | Not affected | Not in release | Fixed |