Vulnerabilities > Saltstack > Salt > 3001.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-20897 | Improper Resource Shutdown or Release vulnerability in Saltstack Salt Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. | 5.3 |
| 2023-09-05 | CVE-2023-20898 | Unspecified vulnerability in Saltstack Salt Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. | 7.8 |
| 2023-02-17 | CVE-2021-33226 | Classic Buffer Overflow vulnerability in Saltstack Salt Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. | 9.8 |
| 2022-06-23 | CVE-2022-22967 | Incorrect Authorization vulnerability in Saltstack Salt An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. | 8.8 |
| 2021-04-23 | CVE-2021-31607 | OS Command Injection vulnerability in multiple products In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. | 7.8 |
| 2021-03-03 | CVE-2021-25315 | Unspecified vulnerability in Saltstack Salt CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. | 7.8 |
| 2021-02-27 | CVE-2021-3197 | Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2021-3148 | Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2021-3144 | Insufficient Session Expiration vulnerability in multiple products In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. | 9.1 |
| 2021-02-27 | CVE-2021-25284 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 4.4 |