Vulnerabilities > Saltstack > Salt > 2016.3.8

DATE CVE VULNERABILITY TITLE RISK
2018-10-24 CVE-2018-15751 Improper Authentication vulnerability in Saltstack Salt
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
network
low complexity
saltstack CWE-287
critical
 9.8
9.8
2018-10-24 CVE-2018-15750 Path Traversal vulnerability in Saltstack Salt
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
network
low complexity
saltstack CWE-22
5.3
5.3
2017-08-23 CVE-2017-12791 Path Traversal vulnerability in Saltstack Salt
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
network
low complexity
saltstack CWE-22
critical
 9.8
9.8