Shodan
Vulnerabilities
Vulnerable Software
Saltstack:  Security Vulnerabilities
CVE-2019-1010259
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-18
CVE-2018-15750
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
CVSS Score
5.3
EPSS Score
0.012
Published
2018-10-24
CVE-2018-15751
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
CVSS Score
9.8
EPSS Score
0.009
Published
2018-10-24
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-04-23
CVE-2017-14695
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-10-24
CVE-2017-14696
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
CVSS Score
7.5
EPSS Score
0.027
Published
2017-10-24
CVE-2015-6918
salt before 2015.5.5 leaks git usernames and passwords to the log.
CVSS Score
6.3
EPSS Score
0.003
Published
2017-10-10
CVE-2017-5192
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-09-26
CVE-2017-5200
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
CVSS Score
8.8
EPSS Score
0.013
Published
2017-09-26
CVE-2015-4017
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-08-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved