Vulnerabilities > Saltstack > Salt > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-09-05 | CVE-2023-20898 | Unspecified vulnerability in Saltstack Salt | Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. | local | high | saltstack | | 7.8 |
| 2022-06-23 | CVE-2022-22967 | Incorrect Authorization vulnerability in Saltstack Salt | An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. | network | low | saltstack | CWE-863 | 8.8 |
| 2022-03-29 | CVE-2022-22934 | Unspecified vulnerability in Saltstack Salt | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. | | low | saltstack | | 8.8 |
| 2022-03-29 | CVE-2022-22936 | Authentication Bypass by Capture-replay vulnerability in Saltstack Salt | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. | | low | saltstack | CWE-294 | 8.8 |
| 2022-03-29 | CVE-2022-22941 | Incorrect Permission Assignment for Critical Resource vulnerability in Saltstack Salt | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. | network | low | saltstack | CWE-732 | 8.8 |
| 2021-09-08 | CVE-2021-21996 | | An issue was discovered in SaltStack Salt before 3003.3. | network | high | saltstack, fedoraproject, debian | | 7.5 |
| 2021-04-23 | CVE-2021-31607 | OS Command Injection vulnerability in multiple products | In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. | local | low | saltstack, fedoraproject | CWE-78 | 7.8 |
| 2021-03-03 | CVE-2021-25315 | Improper Authentication vulnerability in Saltstack Salt | CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. | local | low | saltstack | CWE-287 | 7.8 |
| 2021-02-27 | CVE-2020-35662 | Improper Certificate Validation vulnerability in multiple products | In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | network | high | saltstack, fedoraproject, debian | CWE-295 | 7.4 |
| 2021-02-27 | CVE-2020-28243 | Command Injection vulnerability in multiple products | An issue was discovered in SaltStack Salt before 3002.5. | local | low | saltstack, fedoraproject, debian | CWE-77 | 7.8 |