Vulnerabilities > Saltstack

DATE CVE VULNERABILITY TITLE RISK
2021-04-23 CVE-2021-31607 Command Injection vulnerability in Saltstack Salt
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion.
local
low complexity
saltstack CWE-77
4.6
2021-02-27 CVE-2021-3197 Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject CWE-74
7.5
2021-02-27 CVE-2021-3148 Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject CWE-77
7.5
2021-02-27 CVE-2021-3144 Insufficient Session Expiration vulnerability in multiple products
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration.
network
low complexity
saltstack fedoraproject CWE-613
7.5
2021-02-27 CVE-2021-25284 Cleartext Storage of Sensitive Information vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
1.9
2021-02-27 CVE-2021-25283 Code Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject CWE-94
7.5
2021-02-27 CVE-2021-25282 Path Traversal vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject CWE-22
6.4
2021-02-27 CVE-2021-25281 Improper Authentication vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject CWE-287
7.5
2021-02-27 CVE-2020-35662 Improper Certificate Validation vulnerability in multiple products
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
5.8
2021-02-27 CVE-2020-28972 Improper Certificate Validation vulnerability in multiple products
In SaltStack Salt before 3002.5, authentication to VMware vCenter, vSphere, and ESXi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
4.3