Vulnerabilities > Saltstack
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-23 | CVE-2021-31607 | Command Injection vulnerability in Saltstack Salt In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. | 4.6 |
| 2021-02-27 | CVE-2021-3197 | Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 7.5 |
| 2021-02-27 | CVE-2021-3148 | Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 7.5 |
| 2021-02-27 | CVE-2021-3144 | Insufficient Session Expiration vulnerability in multiple products In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. | 7.5 |
| 2021-02-27 | CVE-2021-25284 | Cleartext Storage of Sensitive Information vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 1.9 |
| 2021-02-27 | CVE-2021-25283 | Code Injection vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 7.5 |
| 2021-02-27 | CVE-2021-25282 | Path Traversal vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 6.4 |
| 2021-02-27 | CVE-2021-25281 | Improper Authentication vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 7.5 |
| 2021-02-27 | CVE-2020-35662 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | 5.8 |
| 2021-02-27 | CVE-2020-28972 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 4.3 |