Vulnerabilities > Saltstack > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-17 | CVE-2019-17361 | Command Injection vulnerability in multiple products In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. | 9.8 |
| 2019-07-18 | CVE-2019-1010259 | SQL Injection vulnerability in Saltstack Salt 2018 and Salt 2019 SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. | 9.8 |
| 2018-10-24 | CVE-2018-15751 | Improper Authentication vulnerability in Saltstack Salt SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). | 9.8 |
| 2018-04-23 | CVE-2017-7893 | Unspecified vulnerability in Saltstack Salt In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. | 9.8 |
| 2017-10-24 | CVE-2017-14695 | Path Traversal vulnerability in Saltstack Salt Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 9.8 |
| 2017-08-23 | CVE-2017-12791 | Path Traversal vulnerability in Saltstack Salt Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 9.8 |
| 2017-08-09 | CVE-2015-6941 | DEPRECATED: Information Exposure Through Debug Log Files vulnerability in Saltstack Salt 2015 win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. | 9.8 |
| 2017-02-07 | CVE-2016-9639 | Improper Access Control vulnerability in Saltstack Salt Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | 9.1 |