Latest version: v3007.1
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2021-25284 | 41949 |
An issue was discovered in SaltStack Salt before 3002.5 identified as… |
|
MEDIUM | 4.4 |
| CVE-2021-3197 | 41952 |
Salt versions 3002.5, 3001.4, 3000.6, 2019.2.8, 2019.2.5, 2018.3.5, 2… |
|
CRITICAL | 9.8 |
| CVE-2021-25282 | 41947 |
An issue was discovered in through SaltStack Salt before 3002.5, iden… |
|
CRITICAL | 9.1 |
| CVE-2021-25281 | 41946 |
An issue was discovered in through SaltStack Salt before 3002.5. Salt… |
|
CRITICAL | 9.8 |
| CVE-2020-35662 | 41945 |
In SaltStack Salt before 3002.5, when authenticating to services usin… |
|
HIGH | 7.4 |
| CVE-2021-3144 | 41950 |
In SaltStack Salt before 3002.5, eauth tokens can be used once after … |
|
CRITICAL | 9.1 |
| CVE-2021-25283 | 41948 |
An issue was discovered in through SaltStack Salt before 3002.5. The … |
|
CRITICAL | 9.8 |
| CVE-2020-28243 | 41929 |
An issue was discovered in SaltStack Salt before 3002.5. The minion's… |
|
HIGH | 7.8 |
| CVE-2020-28972 | 41944 |
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vs… |
|
MEDIUM | 5.9 |
| CVE-2021-3148 | 41951 |
An issue was discovered in SaltStack Salt before 3002.5. Sending craf… |
|
CRITICAL | 9.8 |
| CVE-2020-16846 | 39159 |
An issue was discovered in SaltStack Salt affected versions. With the… |
|
CRITICAL | 9.8 |
| CVE-2022-22967 | 50224 |
Salt 3002.9, 3003.5 and 3004.2 include a fix for CVE-2022-22967: PAM … |
|
HIGH | 8.8 |
| CVE-2022-22936 | 49627 |
Salt 3002.8, 3003.4 and 3004.1 include a fix for CVE-2022-22936: Job … |
|
HIGH | 8.8 |
| CVE-2022-22934 | 49570 |
Salt 3002.8, 3003.4 and 3004.1 include a fix for CVE-2022-22934: Salt… |
|
HIGH | 8.8 |
| CVE-2022-22941 | 49628 |
Salt 3002.8, 3003.4 and 3004.1 include a fix for CVE-2022-22941: When… |
|
HIGH | 8.8 |
| CVE-2022-22935 | 49626 |
Salt 3002.8, 3003.4 and 3004.1 include a fix for CVE-2022-22935: A mi… |
|
LOW | 3.7 |
| CVE-2021-21996 | 41953 |
Salt 3003.3, 3002.7 and 3001.8 include a fix for CVE-2021-21996: An i… |
|
HIGH | 7.5 |
| CVE-2017-14696 | 53937 |
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.… |
|
HIGH | 7.5 |
| CVE-2017-14695 | 53936 |
Directory traversal vulnerability in minion id validation in SaltStac… |
|
CRITICAL | 9.8 |
| CVE-2017-5200 | 53957 |
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5… |
|
HIGH | 8.8 |
| CVE-2017-5192 | 53956 |
When using the local_batch client from salt-api in SaltStack Salt bef… |
|
HIGH | 8.8 |
| CVE-2024-22232 | 65958 |
Affected versions of Salt are vulnerable to a Path Traversal vulnerab… |
|
- | - |
| CVE-2024-22231 | 65902 |
Syndic cache directory creation is vulnerable to a directory traversa… |
|
- | - |
| CVE-2023-37920 | 61048 |
Salt 3005.2 and 3006.2 update its dependency 'certifi' to v2023.07.22… |
|
CRITICAL | 9.8 |
| CVE-2023-3446 | 61047 |
Salt 3005.2 and 3006.2 update its dependency 'cryptography' to v41.0.… |
|
MEDIUM | 5.3 |
| CVE-2023-20898 | 61045 |
Salt 3005.2 and 3006.2 include a fix for CVE-2023-20898: Git Provider… |
|
HIGH | 7.8 |
| CVE-2023-32681 | 61046 |
Salt 3005.2 and 3006.2 update its dependency 'requests' to v2.31.0 to… |
|
MEDIUM | 6.1 |
| CVE-2023-20897 | 61043 |
Salt 3005.2 and 3006.2 include a fix for CVE-2023-20897: DOS in minio… |
|
MEDIUM | 5.3 |
| PVE-2022-49629 | 49629 |
Salt 3004.1 and 3003.4 fix a denial of service vulnerability in junos… |
|
- | - |
| CVE-2021-22004 | 41922 |
Salt versions 3002.7 and 3003.3 include a fix for CVE-2021-22004: An … |
|
MEDIUM | 6.4 |
| CVE-2018-15751 | 54009 |
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow rem… |
|
CRITICAL | 9.8 |
| CVE-2015-6941 | 54106 |
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before… |
|
CRITICAL | 9.8 |
| CVE-2023-34049 | 66718 |
A vulnerability in Salt-SSH before 3005.4 and 3006.4 arises from the … |
|
- | - |
| CVE-2020-11651 | 54437 |
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 be… |
|
CRITICAL | 9.8 |
| CVE-2020-11652 | 54173 |
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 be… |
|
MEDIUM | 6.5 |
| CVE-2018-15750 | 54205 |
Directory Traversal vulnerability in salt-api in SaltStack Salt befor… |
|
MEDIUM | 5.3 |
| CVE-2017-12791 | 53929 |
Directory traversal vulnerability in minion id validation in SaltStac… |
|
CRITICAL | 9.8 |
| CVE-2016-3176 | 54116 |
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external… |
|
MEDIUM | 5.6 |
| CVE-2023-41040 | 65952 |
Salt version 3007.0rc1 has updated its GitPython dependency to versio… |
|
MEDIUM | 6.5 |
| CVE-2023-40590 | 65951 |
Salt version 3007.0rc1 has updated its GitPython dependency to versio… |
|
HIGH | 7.8 |
| CVE-2023-41040 | 70738 |
Salt version 3007.0 updates its GitPython dependency to version 3.1.3… |
|
MEDIUM | 6.5 |
| CVE-2023-40590 | 70737 |
Salt version 3007.0 updates its GitPython dependency to version 3.1.3… |
|
HIGH | 7.8 |
| PVE-2024-70600 | 70600 |
Salt version 3007.0 updates its Tornado library to version 6.3.3 or h… |
|
- | - |
| CVE-2024-0727 | 71143 |
Salt version 3006.8 upgrades its cryptography dependency to version 4… |
|
MEDIUM | 5.5 |
| CVE-2024-26130 | 71142 |
Salt version 3006.8 upgrades its cryptography dependency to version 4… |
|
- | - |
| PVE-2024-71128 | 71128 |
Salt version 3006.8 upgrades its cryptography dependency to version 4… |
|
- | - |
| CVE-2024-27306 | 71145 |
Salt version 3006.8 updates its aiohttp dependency to version 3.9.4 t… |
|
- | - |
| CVE-2024-3651 | 71144 |
Salt version 3006.8 updates its 'idna' dependency to version 3.7 to a… |
|
HIGH | 7.5 |
| CVE-2023-50782 | 65900 |
Salt version 3006.7 upgrades its cryptography library to version 42.0… |
|
HIGH | 7.5 |
| CVE-2023-52323 | 65954 |
Salt 3006.6 upgrades its pycryptodomex library to version 3.19.1 as a… |
|
MEDIUM | 5.9 |
| CVE-2023-52323 | 65901 |
Salt 3006.6 upgrades its pycryptodome library to version 3.19.1 as a … |
|
MEDIUM | 5.9 |
| CVE-2024-22195 | 65957 |
Salt 3006.6 upgrades its jinja2 library to version 3.1.3 as a securit… |
|
MEDIUM | 6.1 |
| CVE-2024-22190 | 65956 |
Salt 3006.6 upgrades its gitpython library to version 3.1.41 as a sec… |
|
HIGH | 7.8 |
| PVE-2023-62824 | 62824 |
Salt 3006.4 fixes CVE-2023-34049 to avoid impacting salt-ssg users us… |
|
- | - |
| CVE-2023-26302 | 55068 |
Salt 3006.0rc3 updates its dependency 'markdown-it-py' to v2.2.0 to i… |
|
MEDIUM | 5.5 |
| CVE-2023-26303 | 55069 |
Salt 3006.0rc3 updates its dependency 'markdown-it-py' to v2.2.0 to i… |
|
MEDIUM | 5.5 |
| CVE-2023-0286 | 55066 |
Salt 3006.0rc3 updates its dependency 'cryptography' to versions '>=3… |
|
HIGH | 7.4 |
| CVE-2023-23931 | 55067 |
Salt 3006.0rc3 updates its dependency 'cryptography' to versions '>=3… |
|
MEDIUM | 6.5 |
| PVE-2023-62825 | 62825 |
Salt 3005.4 fixes CVE2023-34049 to avoid impacting salt-ssg users usi… |
|
- | - |
| PVE-2023-62053 | 62053 |
Salt 3005.3 updates gitpython to >=3.1.35 due to https://github.com/a… |
|
- | - |
| CVE-2021-29921 | 41921 |
Salt 3003.2 updates its dependency "ipaddress" to 3.9.5 to include se… |
|
CRITICAL | 9.8 |
| CVE-2021-25315 | 62641 |
An authentication flaw (CWE-287) has been discovered in SUSE Linux En… |
|
HIGH | 7.8 |
| CVE-2020-25592 | 39571 |
In SaltStack Salt through 3002, salt-netapi improperly validates eaut… |
|
CRITICAL | 9.8 |
| CVE-2019-18874 | 38668 |
Salt 3001.1 updates PyYAML for security reasons. Additionally, psutil… |
|
HIGH | 7.5 |
| CVE-2020-17490 | 39574 |
Salt 3000.4 prevents creating world-readable private keys with the TL… |
|
MEDIUM | 5.5 |
| CVE-2021-31607 | 41925 |
Salt 3002.7 includes a fix for CVE-2021-31607: In SaltStack Salt 2016… |
|
HIGH | 7.8 |
| CVE-2017-8109 | 53964 |
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 c… |
|
HIGH | 7.8 |
| CVE-2016-1866 | 54112 |
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages… |
|
HIGH | 8.1 |
| CVE-2019-17361 | 54206 |
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh… |
|
CRITICAL | 9.8 |
| CVE-2019-1010259 | 54128 |
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impa… |
|
CRITICAL | 9.8 |
| CVE-2017-7893 | 53963 |
In SaltStack Salt before 2016.3.6, compromised salt-minions can imper… |
|
CRITICAL | 9.8 |
| CVE-2015-8034 | 54107 |
The state.sls function in Salt before 2015.8.3 uses weak permissions … |
|
LOW | 3.3 |
| CVE-2016-9639 | 54119 |
Salt before 2015.8.11 allows deleted minions to read or write to mini… |
|
CRITICAL | 9.1 |
| CVE-2015-6918 | 54105 |
salt before 2015.5.5 leaks git usernames and passwords to the log. |
|
MEDIUM | 6.3 |
| CVE-2015-4017 | 54101 |
Salt before 2014.7.6 does not verify certificates when connecting via… |
|
HIGH | 7.5 |
| CVE-2015-1839 | 54099 |
modules/chef.py in SaltStack before 2014.7.4 does not properly handle… |
|
MEDIUM | 5.3 |
| CVE-2015-1838 | 54098 |
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not… |
|
MEDIUM | 5.3 |
| CVE-2014-3563 | 54082 |
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2… |
|
HIGH | 7.2 |
| CVE-2013-4436 | 54058 |
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0… |
|
HIGH | 9.3 |
| CVE-2013-4437 | 54213 |
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 … |
|
HIGH | 10.0 |
| CVE-2013-4435 | 54061 |
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticate… |
|
MEDIUM | 6.0 |
| CVE-2013-2228 | 67957 |
SaltStack RSA Key Generation allows remote users to decrypt communica… |
|
HIGH | 8.1 |
| CVE-2013-6617 | 54066 |
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does no… |
|
HIGH | 10.0 |
| CVE-2013-4438 | 54059 |
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute… |
|
HIGH | 7.5 |
| CVE-2013-4439 | 54060 |
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authe… |
|
MEDIUM | 4.9 |