Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

11 – 20 of 59 results

CVE-2022-22934

Medium priority
Needs evaluation

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-22004

Low priority
Needs evaluation

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to...

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2021-21996

Medium priority
Needs evaluation

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2021-31607

Medium priority
Needs evaluation

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is...

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2021-25315

Medium priority
Needs evaluation

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue...

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2021-3197

Medium priority

Some fixes available 2 of 8

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Fixed
Show less packages

CVE-2021-3148

Medium priority

Some fixes available 1 of 7

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is...

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Not affected
Show less packages

CVE-2021-3144

Medium priority
Needs evaluation

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2021-25284

Medium priority

Some fixes available 1 of 7

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Not affected
Show less packages

CVE-2021-25283

Medium priority

Some fixes available 2 of 8

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Fixed
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON