Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2020-11651 KEV |
|
[KEV] Vulnerability in Saltstack salt (CVE-2020-11651)
vulnerability in Saltstack salt (CVE-2020-11651). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2019.2.4, 3000.2` or later.
|
| CVE-2020-16846 KEV |
|
[KEV] OS Command Injection in Saltstack salt (CVE-2020-16846)
OS command injection in Saltstack salt (CVE-2020-16846). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5, 2019.2.5, 3000.3` or later.
|
| CVE-2020-11652 KEV |
|
[KEV] Path Traversal in Saltstack salt (CVE-2020-11652)
path traversal in Saltstack salt (CVE-2020-11652). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `2019.2.4, 3000.2` or later.
|
| CVE-2017-14696 |
|
Vulnerability in salt (CVE-2017-14696)
vulnerability in salt (CVE-2017-14696). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b, 2016.3.8, 2016.11.8, 2017.7.2` or later.
|
| CVE-2017-14695 |
|
Path Traversal in salt (CVE-2017-14695)
path traversal in salt (CVE-2017-14695). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `80d90307b07b3703428ecbb7c8bb468e28a9ae6d, 2016.3.8, 2016.11.8, 2017.7.2` or later.
|
| CVE-2015-6918 |
|
salt before 2015.5.5 leaks git usernames and passwords to the log.
salt before 2015.5.5 leaks git usernames and passwords to the log.
|
| CVE-2017-5192 |
|
Authentication Bypass in salt (CVE-2017-5192)
authentication bypass in salt (CVE-2017-5192). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2015.8.13, 2016.3.5, 2016.11.2` or later.
|
| CVE-2017-5200 |
|
Vulnerability in salt (CVE-2017-5200)
vulnerability in salt (CVE-2017-5200). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2015.8.13, 2016.3.5, 2016.11.2` or later.
|
| CVE-2015-4017 |
|
Vulnerability in salt (CVE-2015-4017)
vulnerability in salt (CVE-2015-4017). Data can be tampered with by attackers. Mitigation: upgrade to `2014.7.6` or later.
|
| CVE-2017-12791 |
|
Path Traversal in salt (CVE-2017-12791)
path traversal in salt (CVE-2017-12791). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2016.11.7, 2017.7.1` or later.
|
| CVE-2015-6941 |
|
Vulnerability in salt (CVE-2015-6941)
vulnerability in salt (CVE-2015-6941). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `c0689e32154c41f59840ae10ffc5fbfa30618710, 2015.5.6, 2015.8.1` or later.
|
| CVE-2017-8109 |
|
Information Disclosure in salt (CVE-2017-8109)
vulnerability in salt (CVE-2017-8109). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2016.11.4` or later.
|
| CVE-2015-1838 |
|
Vulnerability in salt (CVE-2015-1838)
vulnerability in salt (CVE-2015-1838). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `e11298d7155e9982749483ca5538e46090caef9c, 2014.7.4` or later.
|
| CVE-2015-1839 |
|
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
|
| CVE-2016-9639 |
|
Vulnerability in salt (CVE-2016-9639)
vulnerability in salt (CVE-2016-9639). Confidential information can be exposed externally. Mitigation: upgrade to `2015.8.11` or later.
|
| CVE-2016-3176 |
|
Authentication Bypass in salt (CVE-2016-3176)
authentication bypass in salt (CVE-2016-3176). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2015.5.10, 2015.8.8` or later.
|
| CVE-2015-8034 |
|
Information Disclosure in salt (CVE-2015-8034)
vulnerability in salt (CVE-2015-8034). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2015.8.3` or later.
|