Vulnerabilities > Saltstack > Salt
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-23 | CVE-2017-7893 | Unspecified vulnerability in Saltstack Salt In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. | 9.8 |
| 2017-10-24 | CVE-2017-14696 | Improper Input Validation vulnerability in Saltstack Salt SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | 7.5 |
| 2017-10-24 | CVE-2017-14695 | Path Traversal vulnerability in Saltstack Salt Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 9.8 |
| 2017-09-26 | CVE-2017-5200 | Unspecified vulnerability in Saltstack Salt Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. | 8.8 |
| 2017-09-26 | CVE-2017-5192 | Improper Authentication vulnerability in Saltstack Salt When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. | 8.8 |
| 2017-08-25 | CVE-2015-4017 | Improper Certificate Validation vulnerability in Saltstack Salt 2014.7.5 Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | 7.5 |
| 2017-08-23 | CVE-2017-12791 | Path Traversal vulnerability in Saltstack Salt Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 9.8 |
| 2017-04-25 | CVE-2017-8109 | Information Exposure vulnerability in Saltstack Salt The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients). | 7.8 |
| 2017-04-13 | CVE-2015-1839 | Data Processing Errors vulnerability in multiple products modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | 5.3 |
| 2017-04-13 | CVE-2015-1838 | Data Processing Errors vulnerability in multiple products modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | 5.3 |