saltbundlepy-pyxattr (SUSE:EL-9:Update:Products:SaltBundle:Update) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:EL-9:Update:Products:SaltBundle:Update package saltbundlepy-pyxattr, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2025-62348 — CVSS 7.8 (high): Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module…
CVE-2025-62349 — CVSS 6.2 (medium): Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer…
CVE-2023-20897 — CVSS 5.3 (medium): Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to…
CVE-2023-20898 — CVSS 4.2 (medium): Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or…