Saltstack: Security Vulnerabilities
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
CVSS Score
9.8
EPSS Score
0.94
Published
2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
CVSS Score
9.1
EPSS Score
0.912
Published
2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
CVSS Score
9.8
EPSS Score
0.074
Published
2021-02-27
CVE-2020-16846
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2020-11-06
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-11-06
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
CVSS Score
9.8
EPSS Score
0.582
Published
2020-11-06
CVE-2020-11651
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2020-04-30
CVE-2020-11652
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Known exploited
CVSS Score
6.5
EPSS Score
0.939
Published
2020-04-30
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
CVSS Score
9.8
EPSS Score
0.136
Published
2020-01-17
SaltStack RSA Key Generation allows remote users to decrypt communications
CVSS Score
8.1
EPSS Score
0.01
Published
2019-12-03