Vulnerabilities > Saltstack > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-20897 | Improper Resource Shutdown or Release vulnerability in Saltstack Salt Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. | 5.3 |
| 2021-09-08 | CVE-2021-22004 | Race Condition vulnerability in multiple products An issue was discovered in SaltStack Salt before 3003.3. | 6.4 |
| 2021-02-27 | CVE-2021-25284 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 4.4 |
| 2021-02-27 | CVE-2020-28972 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 5.9 |
| 2020-11-06 | CVE-2020-17490 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | 5.5 |
| 2020-04-30 | CVE-2020-11652 | Path Traversal vulnerability in multiple products An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. | 6.5 |
| 2018-10-24 | CVE-2018-15750 | Path Traversal vulnerability in Saltstack Salt Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. | 5.3 |
| 2017-10-10 | CVE-2015-6918 | Information Exposure vulnerability in Saltstack Salt 2015 salt before 2015.5.5 leaks git usernames and passwords to the log. | 6.3 |
| 2017-04-13 | CVE-2015-1839 | Data Processing Errors vulnerability in multiple products modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | 5.3 |
| 2017-04-13 | CVE-2015-1838 | Data Processing Errors vulnerability in multiple products modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | 5.3 |