VYPR

rpm package

suse/salt&distro=SUSE Enterprise Storage 4

pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%204

Vulnerabilities (6)

  • CVE-2017-14696HigOct 24, 2017
    affected < 2016.11.4-46.10.1fixed 2016.11.4-46.10.1

    SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.

  • CVE-2017-14695CriOct 24, 2017
    affected < 2016.11.4-46.10.1fixed 2016.11.4-46.10.1

    Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability ex

  • CVE-2017-5200HigSep 26, 2017
    affected < 2016.11.4-45.2fixed 2016.11.4-45.2

    Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

  • CVE-2017-12791CriAug 23, 2017
    affected < 2016.11.4-46.7.1fixed 2016.11.4-46.7.1

    Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

  • CVE-2017-8109HigApr 25, 2017
    affected < 2016.11.4-45.2fixed 2016.11.4-45.2

    The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

  • CVE-2016-9639CriFeb 7, 2017
    affected < 2015.8.12-27.5fixed 2015.8.12-27.5

    Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.