Vulnerabilities > Saltstack > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-20898 | Unspecified vulnerability in Saltstack Salt Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. | 7.8 |
| 2022-06-23 | CVE-2022-22967 | Incorrect Authorization vulnerability in Saltstack Salt An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. | 8.8 |
| 2022-03-29 | CVE-2022-22934 | Unspecified vulnerability in Saltstack Salt An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. low complexity saltstack | 8.8 |
| 2022-03-29 | CVE-2022-22936 | Authentication Bypass by Capture-replay vulnerability in Saltstack Salt An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. | 8.8 |
| 2022-03-29 | CVE-2022-22941 | Incorrect Permission Assignment for Critical Resource vulnerability in Saltstack Salt An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. | 8.8 |
| 2021-09-08 | CVE-2021-21996 | An issue was discovered in SaltStack Salt before 3003.3. | 7.5 |
| 2021-04-23 | CVE-2021-31607 | OS Command Injection vulnerability in multiple products In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. | 7.8 |
| 2021-03-03 | CVE-2021-25315 | Improper Authentication vulnerability in Saltstack Salt CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. | 7.8 |
| 2021-02-27 | CVE-2020-35662 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | 7.4 |
| 2021-02-27 | CVE-2020-28243 | Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 7.8 |