Every CVE whose affected-product data names Saltstack Salt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (52)
CVE-2013-4437 — CVSS 10.0 (critical): Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
CVE-2013-6617 — CVSS 10.0 (critical): The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote…
CVE-2021-25281 — CVSS 9.8 (critical): An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client…
CVE-2021-3197 — CVSS 9.8 (critical): An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including…
CVE-2021-3148 — CVSS 9.8 (critical): An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin…
CVE-2017-12791 — CVSS 9.8 (critical): Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote…
CVE-2017-14695 — CVSS 9.8 (critical): Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x…
CVE-2021-25315 — CVSS 9.8 (critical): CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to…
CVE-2021-25283 — CVSS 9.8 (critical): An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection…
CVE-2018-15751 — CVSS 9.8 (critical): SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands…
CVE-2019-17361 — CVSS 9.8 (critical): In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an…
CVE-2020-25592 — CVSS 9.8 (critical): In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke…
CVE-2021-33226 — CVSS 9.8 (critical): Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in…
CVE-2024-38824 — CVSS 9.6 (critical): Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
CVE-2013-4436 — CVSS 9.3 (critical): The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote…
CVE-2021-25282 — CVSS 9.1 (critical): An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory…
CVE-2021-3144 — CVSS 9.1 (critical): In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master…
CVE-2016-9639 — CVSS 9.1 (critical): Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVE-2022-22936 — CVSS 8.8 (high): An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible…
CVE-2022-22967 — CVSS 8.8 (high): An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows…
CVE-2017-5200 — CVSS 8.8 (high): Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on…
CVE-2022-22934 — CVSS 8.8 (high): An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the…
CVE-2017-5192 — CVSS 8.8 (high): When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before…
CVE-2022-22941 — CVSS 8.8 (high): An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a…
CVE-2016-1866 — CVSS 8.1 (high): Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute…
CVE-2017-8109 — CVSS 7.8 (high): The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting…
CVE-2020-28243 — CVSS 7.8 (high): An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process…
CVE-2021-31607 — CVSS 7.8 (high): In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege…
CVE-2017-14696 — CVSS 7.5 (high): SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of…
CVE-2021-21996 — CVSS 7.5 (high): An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file…
CVE-2015-4017 — CVSS 7.5 (high): Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
CVE-2013-4438 — CVSS 7.5 (high): Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states…
CVE-2020-35662 — CVSS 7.4 (high): In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
CVE-2014-3563 — CVSS 7.2 (high): Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors…
CVE-2021-22004 — CVSS 6.4 (medium): An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf…
CVE-2013-4435 — CVSS 6.0 (medium): Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute…
CVE-2020-28972 — CVSS 5.9 (medium): In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always…
CVE-2016-3176 — CVSS 5.6 (medium): Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured…
CVE-2018-15750 — CVSS 5.3 (medium): Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to…
CVE-2015-1838 — CVSS 5.3 (medium): modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2023-20897 — CVSS 5.3 (medium): Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to…
CVE-2013-4439 — CVSS 4.9 (medium): Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion…
CVE-2021-25284 — CVSS 4.4 (medium): An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2023-20898 — CVSS 4.2 (medium): Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or…
CVE-2022-22935 — CVSS 3.7 (low): An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a…
CVE-2015-8034 — CVSS 3.3 (low): The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive…