Vulnerabilities > Saltstack > Salt > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2017-09-26 | CVE-2017-5200 | Unspecified vulnerability in Saltstack Salt | critical 9.0
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
network, low complexity, saltstack

2013-11-05 | CVE-2013-4436 | Improper Input Validation vulnerability in Saltstack Salt 0.17.0 | critical 9.3
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
network, saltstack, CWE-20

2013-11-05 | CVE-2013-4437 | Insecure Temporary File Handling vulnerability in Saltstack Salt 0.17.0 | critical 10.0
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
network, low complexity, saltstack

2013-11-05 | CVE-2013-6617 | Permissions, Privileges, and Access Controls vulnerability in Saltstack Salt | critical 10.0
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
network, low complexity, saltstack, CWE-264