VYPR

rpm package

suse/salt&distro=SUSE Linux Enterprise Module for Advanced Systems Management 12

pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012

Vulnerabilities (31)

  • CVE-2020-11652MedKEVApr 30, 2020
    affected < 2019.2.0-46.91.1fixed 2019.2.0-46.91.1

    An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

  • CVE-2020-11651CriKEVApr 30, 2020
    affected < 2019.2.0-46.91.1fixed 2019.2.0-46.91.1

    An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user

  • CVE-2019-18897HigMar 2, 2020
    affected < 2019.2.0-46.88.1fixed 2019.2.0-46.88.1

    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Se

  • CVE-2019-17361CriJan 17, 2020
    affected < 2019.2.0-46.88.1fixed 2019.2.0-46.88.1

    In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

  • CVE-2018-15751CriOct 24, 2018
    affected < 2018.3.0-46.44.1fixed 2018.3.0-46.44.1

    SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).

  • CVE-2018-15750MedOct 24, 2018
    affected < 2018.3.0-46.44.1fixed 2018.3.0-46.44.1

    Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

  • CVE-2017-14696HigOct 24, 2017
    affected < 2016.11.4-46.10.1fixed 2016.11.4-46.10.1

    SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.

  • CVE-2017-14695CriOct 24, 2017
    affected < 2016.11.4-46.10.1fixed 2016.11.4-46.10.1

    Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability ex

  • CVE-2017-5200HigSep 26, 2017
    affected < 2016.11.4-45.2fixed 2016.11.4-45.2

    Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

  • CVE-2017-12791CriAug 23, 2017
    affected < 2016.11.4-46.7.1fixed 2016.11.4-46.7.1

    Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

  • CVE-2017-8109HigApr 25, 2017
    affected < 2016.11.4-45.2fixed 2016.11.4-45.2

    The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

Page 2 of 2