pkg:PyPI/salt

All known vulnerabilities

• CRITICAL9.8CVE-2020-16846⚠ KEVsalt - security update
  from 0, < 2015.8.13
• CRITICAL9.8CVE-2020-16846⚠ KEVsalt - security update
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.6, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.4, >= 2017.7.5, < 2017.7.8, >= 2018.3.0rc1, < 2018.3.5, >= 2019.2.0, < 2019.2.5, >= 3000, < 3000.3
• CRITICAL9.8⚠ KEVsalt - security update
  from 0, < 2019.2.4
• CRITICAL9.8⚠ KEVsalt - security update
  from 0, < 2019.2.4, >= 3000, < 3000.2
• MEDIUM6.5⚠ KEVSaltStack Salt is vulnerable Arbitrary Directory Access
  from 0, < 2019.2.4, >= 3000, < 3000.2
• MEDIUM6.5⚠ KEVSaltStack Salt is vulnerable Arbitrary Directory Access
  from 0, < 2019.2.4
• CRITICAL9.8SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
  from 0, < 2015.8.13
• CRITICAL9.8SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.8SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
  from 0, < 2015.8.13
• CRITICAL9.8SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.8SaltStack Salt Server Side Template Injection
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.8SaltStack Salt Improper Authentication vulnerability
  from 0, < 2015.8.13
• CRITICAL9.8SaltStack Salt Server Side Template Injection
  from 0, < 2015.8.13
• CRITICAL9.8SaltStack Salt Improper Authentication vulnerability
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.8SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
  from 0, < 2015.8.13
• CRITICAL9.8SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.6, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.4, >= 2017.7.5, < 2017.7.8, >= 2018.3.0rc1, < 2018.3.5, >= 2019.2.0, < 2019.2.5, >= 3000, < 3000.3
• CRITICAL9.8salt - security update
  from 0, < 2019.2.3
• CRITICAL9.8salt - security update
  from 0, < 2019.2.1
• CRITICAL9.8SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
  from 0, < 2018.3.4
• CRITICAL9.8SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
  >= 2018.3.0, < 2018.3.4
• CRITICAL9.8salt password information leaked in debug logs
  from 0, < c0689e32154c41f59840ae10ffc5fbfa30618710 | >= 2015.5, < 2015.5.6, >= 2015.8, < 2015.8.1
• CRITICAL9.8salt password information leaked in debug logs
  >= 2015.5, < 2015.5.6
• CRITICAL9.8SaltStack Salt Directory traversal vulnerability in minion id validation
  from 0, < 2016.11.7, >= 2017.7, < 2017.7.1
• CRITICAL9.8SaltStack Salt Directory traversal vulnerability in minion id validation
• CRITICAL9.8SaltStack Salt Directory traversal vulnerability in minion id validation
  from 0, < 2016.11.7
• CRITICAL9.8SaltStack Salt Directory traversal vulnerability in minion id validation
  from 0, < 2016.3.8
• CRITICAL9.8SaltStack Salt Directory traversal vulnerability in minion id validation
  from 0, < 80d90307b07b3703428ecbb7c8bb468e28a9ae6d | from 0, < 2016.3.8, >= 2016.11, < 2016.11.8, >= 2017.7, < 2017.7.2
• CRITICAL9.8SaltStack Salt allows compromised salt-minions to impersonate the salt-master
  from 0, < 2016.3.6
• CRITICAL9.8SaltStack Salt allows compromised salt-minions to impersonate the salt-master
  from 0, < 2016.3.6
• CRITICAL9.8SaltStack Salt Remote command execution and incorrect access control when using salt-api
  >= 2017.7.0, < 2017.7.8
• CRITICAL9.8SaltStack Salt Remote command execution and incorrect access control when using salt-api
  >= 2018.3.0, < 2018.3.3, from 0, < 2017.7.8
• CRITICAL9.6Salt vulnerable to directory traversal attack in file receiving method
  >= 3007.0rc1, < 3007.4
• CRITICAL9.1SaltStack Salt eauth tokens can be used once after expiration
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.1SaltStack Salt eauth tokens can be used once after expiration
  from 0, < 2015.8.13
• CRITICAL9.1SaltStack Salt Directory Traversal vulnerability
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.1SaltStack Salt Directory Traversal vulnerability
  from 0, < 2015.8.13
• CRITICAL9.1Salt allows deleted minions to read or write to minions with the same id
  from 0, < 2015.8.11
• CRITICAL9.1Salt allows deleted minions to read or write to minions with the same id
  from 0, < 2015.8.11
• HIGH8.8Salt has insufficient argument validation in several modules
  >= 0.15.0, < 0.17.1
• HIGH8.8Salt has insufficient argument validation in several modules
  >= 0.15.0, < 0.17.1
• HIGH8.8SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
  from 0, < 2015.8.13, >= 2016.3, < 2016.3.5, >= 2016.11, < 2016.11.2
• HIGH8.8SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
  from 0, < 2015.8.13
• HIGH8.8SaltStack Salt arbitrary command execution in Salt-api via ssh_client
  from 0, < 2015.8.13
• HIGH8.8SaltStack Salt arbitrary command execution in Salt-api via ssh_client
  from 0, < 2015.8.13, >= 2016.3, < 2016.3.5, >= 2016.11, < 2016.11.2
• HIGH8.8SaltStack Salt Authentication Bypass by Capture-replay
  from 0, < 3002.8
• HIGH8.8SaltStack Improper Verification of Cryptographic Signature
  from 0, < 3002.8
• HIGH8.8SaltStack Improper Verification of Cryptographic Signature
  from 0, < 3002.8
• HIGH8.8SaltStack Salt Authentication Bypass by Capture-replay
  from 0, < 3002.8
• HIGH8.8SaltStack Salt Permissions Bypass
  from 0, < 3002.8
• HIGH8.8SaltStack Salt Permissions Bypass
  from 0, < 3002.8
• HIGH8.1Salt has minion event bus authorization bypass vulnerability
  >= 3007.0, < 3007.4
• HIGH8.1Salt vulnerable to arbitrary event injection
  >= 3006.0rc1, < 3006.12
• HIGH8.1Salt Improper Access Control
  >= 2015.8, < 2015.8.4
• HIGH8.1Salt Improper Access Control
  >= 2015.8.0rc1, < 2015.8.4
• HIGH8.1SaltStack RSA Key Generation allows remote users to decrypt communications
  from 0, < 0.15.1
• HIGH7.8Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload
  from 0, < 3006.17
• HIGH7.8Command Injection in SaltStack Salt
  >= 2016.11.0, < 3003rc1
• HIGH7.8Command Injection in SaltStack Salt
  >= 2016.11.0, < 3003rc1
• HIGH7.8Saltstack Salt Unauthenticated Arbitrary Code Execution
  from 0, < 3002.2
• HIGH7.8Saltstack Salt Unauthenticated Arbitrary Code Execution
  from 0, < 3002.2
• HIGH7.8salt - security update
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• HIGH7.8salt - security update
  from 0, < 2015.8.13
• HIGH7.8SaltStack Salt Information Exposure
  >= 2016.11, < 2016.11.4
• HIGH7.8SaltStack Salt Information Exposure
  >= 2016.11, < 2016.11.4
• HIGH7.7Path traversal in saltstack
  from 0, < 3005.5
• HIGH7.5Salt's PAM auth fails to reject locked accounts
  from 0, < 3002.9
• HIGH7.5Salt's PAM auth fails to reject locked accounts
  from 0, < 3002.9
• HIGH7.5SaltStack Privilege Escalation vulnerability
  >= 0.11.0, < 0.17.1
• HIGH7.5SaltStack Privilege Escalation vulnerability
  >= 0.11.0, < 0.17.1
• HIGH7.5SaltStack MITM SSH attack in salt-ssh
  >= 0.17.0, < 0.17.1
• HIGH7.5SaltStack MITM SSH attack in salt-ssh
  >= 0.17.0, < 0.17.1
• HIGH7.5SaltStack Salt Denial of Service via a crafted authentication request
  from 0, < 5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b | from 0, < 2016.3.8, >= 2016.11, < 2016.11.8, >= 2017.7, < 2017.7.2
• HIGH7.5SaltStack Salt Denial of Service via a crafted authentication request
  from 0, < 2016.3.8
• HIGH7.5Salt vulnerable to Improper Certificate Validation
  from 0, < 2014.7.6
• HIGH7.5Salt vulnerable to Improper Certificate Validation
  from 0, < 2014.7.6
• HIGH7.5salt - security update
  from 0, < 3003.3
• HIGH7.5salt - security update
  from 0, < 3003.3
• HIGH7.4SaltStack Salt Improper SSL Certificate Validation
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• HIGH7.4SaltStack Salt Improper SSL Certificate Validation
  from 0, < 2015.8.13
• MEDIUM6.7Salt's on demand pillar functionality vulnerable to arbitrary command injections
  >= 3006.0rc1, < 3006.12
• MEDIUM6.7Salt preflight script could be attacker controlled
  from 0, < 3005.4
• MEDIUM6.5Minion identity not validated in saltstack
  >= 0.15.0, < 0.17.1
• MEDIUM6.5Minion identity not validated in saltstack
  from 0, < 0.17.1
• MEDIUM6.4Salt's salt.auth.pki module does not properly authenticate callers
  >= 3006.0rc1, < 3006.12
• MEDIUM6.4Improper Authentication in SaltStack Salt
  from 0, < 3003.3
• MEDIUM6.4Improper Authentication in SaltStack Salt
  from 0, < 3003.3
• MEDIUM6.3Salt allows arbitrary directory creation or file deletion
  >= 3007.0rc1, < 3007.4
• MEDIUM6.3salt leaks git usernames and passwords to the log
  from 0, < 28aa9b105804ff433d8f663b2f9b804f2b75495a | from 0, < 2015.5.5
• MEDIUM6.3salt leaks git usernames and passwords to the log
  from 0, < 2015.5.5
• MEDIUM6.2Salt Authentication Protocol Version Downgrade Allows Minion Impersonation
  >= 3006.12, < 3006.17
• MEDIUM5.9SaltStack Salt Improper Certificate Validation
  from 0, < 2015.8.13
• MEDIUM5.9SaltStack Salt Improper Certificate Validation
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• MEDIUM5.6Salt's worker process vulnerable to denial of service through file read operation
  >= 3007.0rc1, < 3007.4
• MEDIUM5.6Salt's file contents overwrite the VirtKey class
  >= 3007.0rc1, < 3007.4
• MEDIUM5.6Salt Insecure configuration of PAM external authentication service
  from 0, < 2015.5.10, >= 2015.8, < 2015.8.8
• MEDIUM5.6Salt Insecure configuration of PAM external authentication service
  from 0, < 2015.5.10
• MEDIUM5.5SaltStack Salt Allows creating certificates with weak file permissions
  from 0, < 2015.8.13
• MEDIUM5.5SaltStack Salt Allows creating certificates with weak file permissions
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.6, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.4, >= 2017.7.5, < 2017.7.8, >= 2018.3.0rc1, < 2018.3.5, >= 2019.2.0, < 2019.2.5, >= 3000, < 3000.3
• MEDIUM5.3Salt vulnerable to denial of service
  >= 3006.0, < 3006.2, from 0, < 3005.2
• MEDIUM5.3Salt vulnerable to denial of service
  from 0, < 3005.2