Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Tag: salt Clear
ID Title
CVE-2020-11652 KEV [KEV] Path Traversal in Saltstack salt (CVE-2020-11652)
path traversal in Saltstack salt (CVE-2020-11652). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2019.2.4, 3000.2` or later.
CVE-2020-11651 KEV [KEV] Vulnerability in Saltstack salt (CVE-2020-11651)
vulnerability in Saltstack salt (CVE-2020-11651). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2019.2.4, 3000.2` or later.
CVE-2020-16846 KEV [KEV] OS Command Injection in Saltstack salt (CVE-2020-16846)
OS command injection in Saltstack salt (CVE-2020-16846). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5, 2019.2.5, 3000.3` or later.
CVE-2017-14695 Path Traversal in salt (CVE-2017-14695)
path traversal in salt (CVE-2017-14695). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `80d90307b07b3703428ecbb7c8bb468e28a9ae6d, 2016.3.8, 2016.11.8, 2017.7.2` or later.
CVE-2017-14696 Vulnerability in salt (CVE-2017-14696)
vulnerability in salt (CVE-2017-14696). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b, 2016.3.8, 2016.11.8, 2017.7.2` or later.
CVE-2017-5192 Authentication Bypass in salt (CVE-2017-5192)
authentication bypass in salt (CVE-2017-5192). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2015.8.13, 2016.3.5, 2016.11.2` or later.
CVE-2017-5200 Vulnerability in salt (CVE-2017-5200)
vulnerability in salt (CVE-2017-5200). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2015.8.13, 2016.3.5, 2016.11.2` or later.
CVE-2015-4017 Vulnerability in salt (CVE-2015-4017)
vulnerability in salt (CVE-2015-4017). Data can be tampered with by attackers. Mitigation: upgrade to `2014.7.6` or later.
CVE-2017-12791 Path Traversal in salt (CVE-2017-12791)
path traversal in salt (CVE-2017-12791). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2016.11.7, 2017.7.1` or later.
CVE-2017-8109 Information Disclosure in salt (CVE-2017-8109)
vulnerability in salt (CVE-2017-8109). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2016.11.4` or later.
CVE-2015-1838 Vulnerability in salt (CVE-2015-1838)
vulnerability in salt (CVE-2015-1838). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `e11298d7155e9982749483ca5538e46090caef9c, 2014.7.4` or later.
CVE-2015-1839 modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2016-9639 Vulnerability in salt (CVE-2016-9639)
vulnerability in salt (CVE-2016-9639). Confidential information can be exposed externally. Mitigation: upgrade to `2015.8.11` or later.
CVE-2016-3176 Authentication Bypass in salt (CVE-2016-3176)
authentication bypass in salt (CVE-2016-3176). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2015.5.10, 2015.8.8` or later.
CVE-2015-8034 Information Disclosure in salt (CVE-2015-8034)
vulnerability in salt (CVE-2015-8034). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2015.8.3` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →