Salt

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-27	CVE-2020-28972	Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. network high complexity saltstack fedoraproject debian CWE-295	5.9
2021-02-27	CVE-2020-28243	Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. local low complexity saltstack fedoraproject debian CWE-77	7.8
2020-11-06	CVE-2020-25592	Improper Authentication vulnerability in multiple products In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. network low complexity saltstack debian CWE-287 critical	9.8
2020-11-06	CVE-2020-17490	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. local low complexity saltstack debian CWE-732	5.5
2020-11-06	CVE-2020-16846	OS Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt through 3002. network low complexity saltstack debian fedoraproject CWE-78 critical	9.8
2020-04-30	CVE-2020-11652	Path Traversal vulnerability in multiple products An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. network low complexity saltstack opensuse debian canonical blackberry vmware CWE-22	6.5
2020-04-30	CVE-2020-11651	An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. network low complexity saltstack opensuse debian canonical vmware critical	9.8
2020-01-17	CVE-2019-17361	Command Injection vulnerability in multiple products In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. network low complexity saltstack debian opensuse canonical CWE-77 critical	9.8
2018-10-24	CVE-2018-15751	Improper Authentication vulnerability in Saltstack Salt SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). network low complexity saltstack CWE-287 critical	9.8
2018-10-24	CVE-2018-15750	Path Traversal vulnerability in Saltstack Salt Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. network low complexity saltstack CWE-22	5.3