Vulnerabilities > Saltstack
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-24 | CVE-2018-15751 | Improper Authentication vulnerability in Saltstack Salt SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). | 9.8 |
| 2018-10-24 | CVE-2018-15750 | Path Traversal vulnerability in Saltstack Salt Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. | 5.3 |
| 2018-04-23 | CVE-2017-7893 | Unspecified vulnerability in Saltstack Salt In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. | 9.8 |
| 2017-10-24 | CVE-2017-14696 | Improper Input Validation vulnerability in Saltstack Salt SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | 7.5 |
| 2017-10-24 | CVE-2017-14695 | Path Traversal vulnerability in Saltstack Salt Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 9.8 |
| 2017-10-10 | CVE-2015-6918 | Information Exposure vulnerability in Saltstack Salt 2015 salt before 2015.5.5 leaks git usernames and passwords to the log. | 6.3 |
| 2017-09-26 | CVE-2017-5200 | Unspecified vulnerability in Saltstack Salt Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. | 8.8 |
| 2017-09-26 | CVE-2017-5192 | Improper Authentication vulnerability in Saltstack Salt When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. | 8.8 |
| 2017-08-25 | CVE-2015-4017 | Improper Certificate Validation vulnerability in Saltstack Salt 2014.7.5 Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | 7.5 |
| 2017-08-23 | CVE-2017-12791 | Path Traversal vulnerability in Saltstack Salt Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 9.8 |