rpm package
suse/python-distro&distro=SUSE Linux Enterprise Module for Basesystem 15 SP3
pkg:rpm/suse/python-distro&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-31607 | — | < 1.5.0-3.5.1 | 1.5.0-3.5.1 | Apr 23, 2021 | In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the s | ||
| CVE-2021-25315 | — | < 1.5.0-3.5.1 | 1.5.0-3.5.1 | Mar 3, 2021 | CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt | ||
| CVE-2020-25592 | — | < 1.5.0-3.5.1 | 1.5.0-3.5.1 | Nov 6, 2020 | In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. | ||
| CVE-2020-11652 | — | KEV | < 1.5.0-3.5.1 | 1.5.0-3.5.1 | Apr 30, 2020 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. | |
| CVE-2020-11651 | — | KEV | < 1.5.0-3.5.1 | 1.5.0-3.5.1 | Apr 30, 2020 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user | |
| CVE-2018-15751 | — | < 1.5.0-3.5.1 | 1.5.0-3.5.1 | Oct 24, 2018 | SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi). | ||
| CVE-2018-15750 | — | < 1.5.0-3.5.1 | 1.5.0-3.5.1 | Oct 24, 2018 | Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. |
- CVE-2021-31607Apr 23, 2021affected < 1.5.0-3.5.1fixed 1.5.0-3.5.1
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the s
- CVE-2021-25315Mar 3, 2021affected < 1.5.0-3.5.1fixed 1.5.0-3.5.1
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt
- CVE-2020-25592Nov 6, 2020affected < 1.5.0-3.5.1fixed 1.5.0-3.5.1
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
- affected < 1.5.0-3.5.1fixed 1.5.0-3.5.1
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
- affected < 1.5.0-3.5.1fixed 1.5.0-3.5.1
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user
- CVE-2018-15751Oct 24, 2018affected < 1.5.0-3.5.1fixed 1.5.0-3.5.1
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
- CVE-2018-15750Oct 24, 2018affected < 1.5.0-3.5.1fixed 1.5.0-3.5.1
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.