rpm package
suse/salt&distro=SUSE Enterprise Storage 5
pkg:rpm/suse/salt&distro=SUSE%20Enterprise%20Storage%205
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-25592 | — | < 2016.11.4-48.13.1 | 2016.11.4-48.13.1 | Nov 6, 2020 | In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. | ||
| CVE-2020-17490 | — | < 2016.11.4-48.13.1 | 2016.11.4-48.13.1 | Nov 6, 2020 | The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | ||
| CVE-2020-16846 | — | KEV | < 2016.11.4-48.13.1 | 2016.11.4-48.13.1 | Nov 6, 2020 | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | |
| CVE-2020-11652 | — | KEV | < 2016.11.4-48.10.1 | 2016.11.4-48.10.1 | Apr 30, 2020 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. | |
| CVE-2020-11651 | — | KEV | < 2016.11.4-48.10.1 | 2016.11.4-48.10.1 | Apr 30, 2020 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user | |
| CVE-2017-14696 | Hig | 7.5 | < 2016.11.4-46.10.1 | 2016.11.4-46.10.1 | Oct 24, 2017 | SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | |
| CVE-2017-14695 | Cri | 9.8 | < 2016.11.4-46.10.1 | 2016.11.4-46.10.1 | Oct 24, 2017 | Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability ex |
- CVE-2020-25592Nov 6, 2020affected < 2016.11.4-48.13.1fixed 2016.11.4-48.13.1
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
- CVE-2020-17490Nov 6, 2020affected < 2016.11.4-48.13.1fixed 2016.11.4-48.13.1
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
- affected < 2016.11.4-48.13.1fixed 2016.11.4-48.13.1
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
- affected < 2016.11.4-48.10.1fixed 2016.11.4-48.10.1
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
- affected < 2016.11.4-48.10.1fixed 2016.11.4-48.10.1
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user
- affected < 2016.11.4-46.10.1fixed 2016.11.4-46.10.1
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
- affected < 2016.11.4-46.10.1fixed 2016.11.4-46.10.1
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability ex