Vulnerabilities > Saltstack > Salt > 0.16.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-23 | CVE-2017-12791 | Path Traversal vulnerability in Saltstack Salt Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 9.8 |
| 2017-04-13 | CVE-2015-1839 | Data Processing Errors vulnerability in multiple products modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | 5.3 |
| 2017-04-13 | CVE-2015-1838 | Data Processing Errors vulnerability in multiple products modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | 5.3 |
| 2017-02-07 | CVE-2016-9639 | Improper Access Control vulnerability in Saltstack Salt Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | 9.1 |
| 2017-01-31 | CVE-2016-3176 | Improper Authentication vulnerability in Saltstack Salt Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | 5.6 |
| 2017-01-30 | CVE-2015-8034 | Information Exposure vulnerability in Saltstack Salt The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. | 3.3 |