Vulnerabilities > Saltstack > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-05 CVE-2023-20897 Improper Resource Shutdown or Release vulnerability in Saltstack Salt
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return.
network
low complexity
saltstack CWE-404
5.3
2021-09-08 CVE-2021-22004 Race Condition vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3003.3.
local
high complexity
saltstack fedoraproject CWE-362
6.4
2021-02-27 CVE-2021-25284 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
local
low complexity
saltstack fedoraproject debian CWE-522
4.4
2021-02-27 CVE-2020-28972 Improper Certificate Validation vulnerability in multiple products
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
network
high complexity
saltstack fedoraproject debian CWE-295
5.9
2020-11-06 CVE-2020-17490 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
local
low complexity
saltstack debian CWE-732
5.5
2020-04-30 CVE-2020-11652 Path Traversal vulnerability in multiple products
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
4.0
2019-12-03 CVE-2013-2228 Improper Restriction of Excessive Authentication Attempts vulnerability in Saltstack 0.14.0/0.14.1/0.15.0
SaltStack RSA Key Generation allows remote users to decrypt communications
network
saltstack CWE-307
4.3
2018-10-24 CVE-2018-15750 Path Traversal vulnerability in Saltstack Salt
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
network
low complexity
saltstack CWE-22
5.0
2017-10-24 CVE-2017-14696 Improper Input Validation vulnerability in Saltstack Salt
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
network
low complexity
saltstack CWE-20
5.0
2017-09-26 CVE-2017-5192 Improper Authentication vulnerability in Saltstack Salt
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
network
low complexity
saltstack CWE-287
6.5