Vulnerabilities > Saltstack > Salt > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-30 | CVE-2020-11651 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. | 7.5 |
| 2018-10-24 | CVE-2018-15751 | Improper Authentication vulnerability in Saltstack Salt SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). | 7.5 |
| 2018-04-23 | CVE-2017-7893 | Unspecified vulnerability in Saltstack Salt In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. | 7.5 |
| 2017-10-24 | CVE-2017-14695 | Path Traversal vulnerability in Saltstack Salt Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 7.5 |
| 2017-08-25 | CVE-2015-4017 | Improper Certificate Validation vulnerability in Saltstack Salt 2014.7.5 Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | 7.5 |
| 2017-08-23 | CVE-2017-12791 | Path Traversal vulnerability in Saltstack Salt Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 7.5 |
| 2017-02-07 | CVE-2016-9639 | Improper Access Control vulnerability in Saltstack Salt Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | 7.5 |
| 2014-08-22 | CVE-2014-3563 | Link Following vulnerability in Saltstack Salt Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. | 7.2 |
| 2013-11-05 | CVE-2013-4438 | Code Injection vulnerability in Saltstack Salt Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. | 7.5 |