Vulnerabilities > Saltstack

DATE CVE VULNERABILITY TITLE RISK
2021-04-23 CVE-2021-31607 OS Command Injection vulnerability in multiple products
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion.
local
low complexity
saltstack fedoraproject CWE-78
7.8
2021-03-03 CVE-2021-25315 Unspecified vulnerability in Saltstack Salt
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials.
local
low complexity
saltstack
7.8
2021-02-27 CVE-2021-3197 Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-74
critical
9.8
2021-02-27 CVE-2021-3148 Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-77
critical
9.8
2021-02-27 CVE-2021-3144 Insufficient Session Expiration vulnerability in multiple products
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration.
network
low complexity
saltstack fedoraproject debian CWE-613
critical
9.1
2021-02-27 CVE-2021-25284 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
local
low complexity
saltstack fedoraproject debian CWE-522
4.4
2021-02-27 CVE-2021-25283 Code Injection vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-94
critical
9.8
2021-02-27 CVE-2021-25282 Path Traversal vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-22
critical
9.1
2021-02-27 CVE-2021-25281 Improper Authentication vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-287
critical
9.8
2021-02-27 CVE-2020-35662 Improper Certificate Validation vulnerability in multiple products
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
network
high complexity
saltstack fedoraproject debian CWE-295
7.4