Vulnerabilities > Saltstack > Salt

DATE CVE VULNERABILITY TITLE RISK
2023-09-05 CVE-2023-20897 Improper Resource Shutdown or Release vulnerability in Saltstack Salt
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return.
network
low complexity
saltstack CWE-404
5.3
2023-09-05 CVE-2023-20898 Unspecified vulnerability in Saltstack Salt
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2.
local
high complexity
saltstack
7.8
2023-02-17 CVE-2021-33226 Classic Buffer Overflow vulnerability in Saltstack Salt
Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.
network
low complexity
saltstack CWE-120
critical
9.8
2022-06-23 CVE-2022-22967 Incorrect Authorization vulnerability in Saltstack Salt
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2.
network
low complexity
saltstack CWE-863
8.8
2022-03-29 CVE-2022-22934 Unspecified vulnerability in Saltstack Salt
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1.
low complexity
saltstack
8.8
2022-03-29 CVE-2022-22935 Improper Authentication vulnerability in Saltstack Salt
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1.
network
high complexity
saltstack CWE-287
3.7
2022-03-29 CVE-2022-22936 Authentication Bypass by Capture-replay vulnerability in Saltstack Salt
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1.
low complexity
saltstack CWE-294
8.8
2022-03-29 CVE-2022-22941 Incorrect Permission Assignment for Critical Resource vulnerability in Saltstack Salt
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1.
network
low complexity
saltstack CWE-732
8.8
2021-09-08 CVE-2021-21996 An issue was discovered in SaltStack Salt before 3003.3.
network
high complexity
saltstack fedoraproject debian
7.5
2021-09-08 CVE-2021-22004 Race Condition vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3003.3.
local
high complexity
saltstack fedoraproject CWE-362
6.4