Shodan
Vulnerabilities
Vulnerable Software
Saltstack:  >> Salt  >> 2015.8.10  Security Vulnerabilities
CVE-2018-15750
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
CVSS Score
5.3
EPSS Score
0.009
Published
2018-10-24
CVE-2018-15751
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
CVSS Score
9.8
EPSS Score
0.007
Published
2018-10-24
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-04-23
CVE-2017-14695
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-10-24
CVE-2017-14696
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
CVSS Score
7.5
EPSS Score
0.02
Published
2017-10-24
CVE-2017-5192
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-09-26
CVE-2017-5200
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
CVSS Score
8.8
EPSS Score
0.013
Published
2017-09-26
CVE-2017-12791
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-08-23
CVE-2016-9639
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVSS Score
9.1
EPSS Score
0.003
Published
2017-02-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved