Shodan
Vulnerabilities
Vulnerable Software
Saltstack:  >> Salt  Security Vulnerabilities
CVE-2015-1839
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVSS Score
5.3
EPSS Score
0.001
Published
2017-04-13
CVE-2016-9639
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVSS Score
9.1
EPSS Score
0.003
Published
2017-02-07
CVE-2016-3176
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
CVSS Score
5.6
EPSS Score
0.002
Published
2017-01-31
CVE-2015-8034
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVSS Score
3.3
EPSS Score
0.0
Published
2017-01-30
CVE-2016-1866
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.
CVSS Score
8.1
EPSS Score
0.009
Published
2016-04-12
CVE-2014-3563
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
CVSS Score
7.2
EPSS Score
0.001
Published
2014-08-22
CVE-2013-6617
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
CVSS Score
10.0
EPSS Score
0.017
Published
2013-11-05
CVE-2013-4439
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
CVSS Score
4.9
EPSS Score
0.002
Published
2013-11-05
CVE-2013-4435
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
CVSS Score
6.0
EPSS Score
0.003
Published
2013-11-05
CVE-2013-4436
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
CVSS Score
9.3
EPSS Score
0.007
Published
2013-11-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved