threat
engine
.sh
Back
·
··:··
Home
/
Product
/
saltstack salt
Product
saltstack salt
52 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-38824
>= 3006.0 and < 3006.12
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
9.6
CRITICAL
CVE-2023-20898
< 3005.2
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 300
4.2
MEDIUM
CVE-2023-20897
< 3005.2
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server e
5.3
MEDIUM
CVE-2021-33226
<= 3003
Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in sa
9.8
CRITICAL
CVE-2022-22967
< 3002.9
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, whi
8.8
HIGH
CVE-2022-22941
>= 3002 and < 3002.8
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with
8.8
HIGH
CVE-2022-22936
>= 3002 and < 3002.8
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are sus
8.8
HIGH
CVE-2022-22935
>= 3002 and < 3002.8
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can
3.7
LOW
CVE-2022-22934
>= 3002 and < 3002.8
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the
8.8
HIGH
CVE-2021-22004
< 3000.3
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\
6.4
MEDIUM
CVE-2021-21996
< 3000.3
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full
7.5
HIGH
CVE-2021-31607
>= 2016.9 and <= 3002.6
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local priv
7.8
HIGH
CVE-2021-25315
< 3002.2
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local att
9.8
CRITICAL
CVE-2021-3197
< 2015.8.10
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including
9.8
CRITICAL
CVE-2021-3148
< 2015.8.10
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thi
9.8
CRITICAL
CVE-2021-3144
< 2015.8.10
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the sa
9.1
CRITICAL
CVE-2021-25284
< 2015.8.10
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log
4.4
MEDIUM
CVE-2021-25283
< 2015.8.10
An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template
9.8
CRITICAL
CVE-2021-25282
< 2015.8.10
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directo
9.1
CRITICAL
CVE-2021-25281
< 2015.8.10
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async cli
9.8
CRITICAL
CVE-2020-35662
< 2015.8.10
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validate
7.4
HIGH
CVE-2020-28972
< 2015.8.10
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not alw
5.9
MEDIUM
CVE-2020-28243
< 2015.8.10
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafte
7.8
HIGH
CVE-2020-25592
< 2015.8.10
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication an
9.8
CRITICAL
CVE-2020-17490
< 2015.8.10
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
5.5
MEDIUM
CVE-2020-16846
< 2015.8.10
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled,
9.8
CRITICAL
CVE-2020-11652
< 2019.2.4
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows
6.5
MEDIUM
CVE-2020-11651
< 2019.2.4
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does no
9.8
CRITICAL
CVE-2019-17361
<= 2019.2.0
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allo
9.8
CRITICAL
CVE-2018-15751
< 2017.7.8
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary
9.8
CRITICAL
CVE-2018-15750
< 2017.7.8
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attacke
5.3
MEDIUM
CVE-2017-7893
< 2016.3.6
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
9.8
CRITICAL
CVE-2017-14696
<= 2016.3.7
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial
7.5
HIGH
CVE-2017-14695
<= 2016.3.7
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.
9.8
CRITICAL
CVE-2017-5200
<= 2015.8.12
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command exe
8.8
HIGH
CVE-2017-5192
<= 2015.8.12
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before
8.8
HIGH
CVE-2015-4017
all versions
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
7.5
HIGH
CVE-2017-12791
<= 2016.11.6
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows r
9.8
CRITICAL
CVE-2017-8109
all versions
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusti
7.8
HIGH
CVE-2015-1839
<= 2014.7.3
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
5.3
MEDIUM
CVE-2015-1838
<= 2014.7.3
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
5.3
MEDIUM
CVE-2016-9639
<= 2015.8.10
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
9.1
CRITICAL
CVE-2016-3176
<= 2015.5.9
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the co
5.6
MEDIUM
CVE-2015-8034
<= 2015.8.2
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensiti
3.3
LOW
CVE-2016-1866
all versions
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to e
8.1
HIGH
CVE-2014-3563
<= 2014.1.9
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via
CVE-2013-6617
all versions
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for r
CVE-2013-4439
all versions
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a craft
CVE-2013-4438
<= 0.17.0
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vend
CVE-2013-4437
all versions
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage
CVE-2013-4436
all versions
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows
CVE-2013-4435
all versions
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL t
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin