salt (SUSE:Linux Enterprise Server 15 SP2-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 15 SP2-LTSS package salt, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2022-22967 — CVSS 8.8 (high): An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows…
CVE-2022-22934 — CVSS 8.8 (high): An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the…
CVE-2022-22936 — CVSS 8.8 (high): An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible…
CVE-2022-22941 — CVSS 8.8 (high): An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a…
CVE-2024-22232 — CVSS 7.7 (high): A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary…
CVE-2023-34049 — CVSS 6.7 (medium): The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run…
CVE-2023-28370 — CVSS 6.1 (medium): Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an…
CVE-2023-20897 — CVSS 5.3 (medium): Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to…
CVE-2024-22231 — CVSS 5.0 (medium): Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create…
CVE-2023-20898 — CVSS 4.2 (medium): Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or…
CVE-2022-22935 — CVSS 3.7 (low): An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a…