📦 Salt
by SaltStack
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2024-38824 is a critical directory traversal vulnerability in SaltStack's recv_file method that allows attackers to write arbitrary files to the master cache directory. This affects SaltStack inst...
CVE-2021-33226 is a buffer overflow vulnerability in SaltStack's status module that could allow remote code execution. The vulnerability affects SaltStack versions 3003 and earlier, though exploitatio...
This vulnerability allows local attackers to execute arbitrary code via Salt without valid credentials due to improper authentication. It affects SUSE Linux Enterprise Server 15 SP3 and openSUSE Tumbl...
This vulnerability in SaltStack Salt allows expired eauth tokens to be reused once after expiration, potentially enabling attackers to execute unauthorized commands against the salt master or minions....
This vulnerability allows remote attackers to execute arbitrary shell commands on SaltStack Salt servers via shell injection in the salt-api SSH client. Attackers can exploit this by including malicio...
This vulnerability in SaltStack Salt allows unauthenticated remote attackers to execute arbitrary wheel modules on the Salt master via salt-api. The wheel_async client does not properly validate eauth...
This vulnerability allows server-side template injection (SSTI) in SaltStack Salt's Jinja renderer, enabling attackers to execute arbitrary code on Salt masters. It affects all SaltStack Salt deployme...
CVE-2020-25592 is an authentication bypass vulnerability in SaltStack Salt's REST API (salt-netapi) that allows attackers to execute arbitrary commands via Salt SSH without valid credentials. This aff...
This vulnerability in SaltStack Salt allows users with locked accounts to continue executing Salt commands if they were previously authenticated. It affects both local shell users with active sessions...
This vulnerability in SaltStack Salt allows attackers to substitute arbitrary pillar data by exploiting the Salt Master's failure to sign pillar data with minion public keys. This affects Salt Masters...
This vulnerability in SaltStack Salt allows attackers to replay job publishes and file server responses, potentially causing minions to execute outdated jobs or receive manipulated files. Under certai...