Shodan
Vulnerabilities
Vulnerable Software
Saltstack:  >> Salt  Security Vulnerabilities
CVE-2018-15751
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
CVSS Score
9.8
EPSS Score
0.009
Published
2018-10-24
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-04-23
CVE-2017-14695
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-10-24
CVE-2017-14696
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
CVSS Score
7.5
EPSS Score
0.027
Published
2017-10-24
CVE-2017-5192
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-09-26
CVE-2017-5200
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
CVSS Score
8.8
EPSS Score
0.013
Published
2017-09-26
CVE-2015-4017
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-08-25
CVE-2017-12791
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-08-23
CVE-2017-8109
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
CVSS Score
7.8
EPSS Score
0.0
Published
2017-04-25
CVE-2015-1838
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-04-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved