Saltstack: >> Salt >> 0.17.0 Security Vulnerabilities
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
CVSS Score
9.3
EPSS Score
0.007
Published
2013-11-05
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
CVSS Score
10.0
EPSS Score
0.007
Published
2013-11-05
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
CVSS Score
7.5
EPSS Score
0.006
Published
2013-11-05
Page 5