Vulnerabilities > Saltstack > Salt > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-13 | CVE-2015-1838 | Data Processing Errors vulnerability in multiple products modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | 4.6 |
| 2017-01-31 | CVE-2016-3176 | Improper Authentication vulnerability in Saltstack Salt Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | 4.3 |
| 2016-04-12 | CVE-2016-1866 | Improper Access Control vulnerability in multiple products Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream. | 6.8 |
| 2013-11-05 | CVE-2013-4439 | Permissions, Privileges, and Access Controls vulnerability in Saltstack Salt Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. | 4.9 |
| 2013-11-05 | CVE-2013-4435 | Improper Authentication vulnerability in Saltstack Salt Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine. | 6.0 |