rpm package
suse/python-singledispatch&distro=SUSE Manager Client Tools 12
pkg:rpm/suse/python-singledispatch&distro=SUSE%20Manager%20Client%20Tools%2012
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11652 | — | KEV | < 3.4.0.3-1.5.1 | 3.4.0.3-1.5.1 | Apr 30, 2020 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. | |
| CVE-2020-11651 | — | KEV | < 3.4.0.3-1.5.1 | 3.4.0.3-1.5.1 | Apr 30, 2020 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user | |
| CVE-2019-18897 | — | < 3.4.0.3-1.5.1 | 3.4.0.3-1.5.1 | Mar 2, 2020 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Se |
- affected < 3.4.0.3-1.5.1fixed 3.4.0.3-1.5.1
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
- affected < 3.4.0.3-1.5.1fixed 3.4.0.3-1.5.1
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user
- CVE-2019-18897Mar 2, 2020affected < 3.4.0.3-1.5.1fixed 3.4.0.3-1.5.1
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Se