Vulnerabilities > Saltstack
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-23 | CVE-2021-31607 | OS Command Injection vulnerability in multiple products In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. | 7.8 |
| 2021-03-03 | CVE-2021-25315 | Improper Authentication vulnerability in Saltstack Salt CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. | 7.8 |
| 2021-02-27 | CVE-2021-3197 | Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2021-3148 | Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2021-3144 | Insufficient Session Expiration vulnerability in multiple products In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. | 9.1 |
| 2021-02-27 | CVE-2021-25284 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 4.4 |
| 2021-02-27 | CVE-2021-25283 | Code Injection vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2021-25282 | Path Traversal vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.1 |
| 2021-02-27 | CVE-2021-25281 | Improper Authentication vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2020-35662 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | 7.4 |