ALT-PU-2019-2322-2

BDU:2020-03941

CRITICAL9.8

Уязвимость компонента master.py системы управления конфигурациями и удалённого выполнения операций SaltStack, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2020-08-14Modified: 2024-09-24

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2020-11651

BDU:2020-03942

MEDIUM6.5

Уязвимость компонента ClearFuncs системы управления конфигурациями и удалённого выполнения операций SaltStack, позволяющая нарушителю получить доступ к конфиденциальным данным

Published: 2020-08-14Modified: 2024-09-24

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:N/A:N

References

CVE-2020-11652

BDU:2020-03990

CRITICAL9.8

Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2020-08-19Modified: 2023-02-15

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

References

CVE-2019-17361

BDU:2021-01180

HIGH7.4

Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю выполнить атаку типа «человек посередине»

Published: 2021-03-09Modified: 2024-09-16

CVSS 3.xHIGH 7.4

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:N

References

CVE-2020-28972

BDU:2021-01900

CRITICAL9.8

Уязвимость компонента salt-netapi системы управления конфигурациями и удалённого выполнения операций Salt, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2021-04-06Modified: 2024-09-16

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2020-25592

BDU:2021-01902

MEDIUM5.5

Уязвимость модуля TLS системы управления конфигурациями и удалённого выполнения операций Salt, связанная с неправильным присвоением разрешений для критичного ресурса, позволяющая нарушителю получить доступ к конфиденциальным данным

Published: 2021-04-06Modified: 2024-09-16

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

References

CVE-2020-17490

BDU:2021-01903

CRITICAL9.8

Уязвимость системы управления конфигурациями и удалённого выполнения операций Salt, связанная с отсутствием мер по нейтрализации специальных элементов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2021-04-06Modified: 2024-09-24

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2020-16846

BDU:2021-05977

CRITICAL9.8

Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, связанная с неправильным ограничением доступа, позволяющая нарушителю получить несанкционированный доступ к другим ограниченным функциям

Published: 2021-12-13Modified: 2024-09-16

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2021-25281

BDU:2021-06340

CRITICAL9.8

Уязвимость функции salt.utils.thin.gen_thin() системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, позволяющая нарушителю выполнять произвольные команды в целевой системе

Published: 2021-12-24Modified: 2024-09-16

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2021-3148

BDU:2021-06341

HIGH7.8

Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, позволяющая нарушителю локально повысить привилегии.

Published: 2021-12-24Modified: 2024-09-16

CVSS 3.xHIGH 7.8

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2020-28243

BDU:2021-06345

CRITICAL9.8

Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, позволяющая нарушителю выполнять произвольные команды с повышенными привилегиями

Published: 2021-12-24Modified: 2024-09-16

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2021-3197

BDU:2021-06348

CRITICAL9.8

Уязвимость компонента wheel.pillar_roots.write системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, связанная с ошибками при проверке вводимых данных, позволяющая нарушителю выполнить произвольный код

Published: 2021-12-24Modified: 2024-09-16

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2021-25283

BDU:2022-00038

CRITICAL9.8

Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, связанная с ошибками при обработке запросов аутентификации для истекших токенов eauth, позволяющая нарушителю выполнить произвольные команды

Published: 2022-01-04Modified: 2024-09-16

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2021-3144

BDU:2022-07041

HIGH7.4

Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю выполнить атаку типа «человек посередине»

Published: 2022-11-30Modified: 2024-09-16

CVSS 3.xHIGH 7.4

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:N

References

CVE-2020-35662

BDU:2022-07060

CRITICAL9.1

Уязвимость реализации метода salt.wheel.pillar_roots.write системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-11-30Modified: 2024-12-10

CVSS 3.xCRITICAL 9.1

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS 2.0CRITICAL 9.4

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:C

References

CVE-2021-25282

CVE-2019-17361

CRITICAL9.8

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

Published: 2020-01-17Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2020-11651

CRITICAL9.8

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

Published: 2020-04-30Modified: 2025-11-07

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2020-11652

MEDIUM6.5

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Published: 2020-04-30Modified: 2025-11-07

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

CVE-2020-16846

CRITICAL9.8

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Published: 2020-11-06Modified: 2025-11-07

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2020-17490

MEDIUM5.5

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

Published: 2020-11-06Modified: 2024-11-21

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

CVE-2020-25592

CRITICAL9.8

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

Published: 2020-11-06Modified: 2024-11-21

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2020-28243

HIGH7.8

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.

Published: 2021-02-27Modified: 2024-11-21

CVSS 2.0MEDIUM 4.4

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

CVE-2020-28972

MEDIUM5.9

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

Published: 2021-02-27Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References

CVE-2020-35662

HIGH7.4

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

Published: 2021-02-27Modified: 2024-11-21

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xHIGH 7.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References

CVE-2021-25281

CRITICAL9.8

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

Published: 2021-02-27Modified: 2024-11-21

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2021-25282

CRITICAL9.1

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

Published: 2021-02-27Modified: 2024-11-21

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS 3.xCRITICAL 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

References

CVE-2021-25283

CRITICAL9.8

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

Published: 2021-02-27Modified: 2024-11-21

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2021-25284

MEDIUM4.4

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

Published: 2021-02-27Modified: 2024-11-21

CVSS 2.0LOW 1.9

CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 4.4

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

References

CVE-2021-3144

CRITICAL9.1

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

Published: 2021-02-27Modified: 2024-11-21

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

CVE-2021-3148

CRITICAL9.8

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.

Published: 2021-02-27Modified: 2024-11-21

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2021-3197

CRITICAL9.8

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

Published: 2021-02-27Modified: 2024-11-21

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

GHSA-29j3-2446-5j4w

CRITICAL9.8

SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi

Published: 2022-05-24Modified: 2024-10-22

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

GHSA-3c56-vx6v-q5vh

MEDIUM5.5

SaltStack Salt Allows creating certificates with weak file permissions

Published: 2022-05-24Modified: 2024-10-22

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

GHSA-76x4-x3p6-rpr9

HIGH8.8

SaltStack Salt Directory Traversal vulnerability

Published: 2022-05-24Modified: 2024-10-27

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS 4.0HIGH 8.8

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

References

GHSA-8rp6-x3r7-5qw3

CRITICAL9.8

SaltStack Salt is vulnerable to shell injection via ProxyCommand argument

Published: 2022-05-24Modified: 2024-10-23

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

GHSA-ghc2-hx3w-jqmp

CRITICAL9.8

SaltStack Salt command injection in the Salt-API when using the Salt-SSH client

Published: 2022-05-24Modified: 2024-10-23

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

GHSA-phhw-3wc9-8q75

HIGH7.8

SaltStack Salt command injection via a crafted process name

Published: 2022-05-24Modified: 2024-10-22

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

GHSA-pjhf-vpx3-33r3

CRITICAL9.3

SaltStack Salt Unauthenticated Remote Code Execution

Published: 2022-05-24Modified: 2024-10-27

CVSS 3.xCRITICAL 9.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0CRITICAL 9.3

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

GHSA-q53j-p6r2-g2v4

CRITICAL9.8

SaltStack Salt is vulnerable to command injection

Published: 2022-05-24Modified: 2024-10-22

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

GHSA-qr38-h96j-2j3w

CRITICAL9.8

SaltStack Salt Command Injection in netapi ssh client

Published: 2022-05-24Modified: 2025-10-22

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

References

GHSA-qx72-q6w3-qgc7

HIGH7.4

SaltStack Salt Improper SSL Certificate Validation

Published: 2022-05-24Modified: 2024-10-22

CVSS 3.xHIGH 7.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References

GHSA-r55w-xph5-xvx2

MEDIUM4.4

SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod

Published: 2022-05-24Modified: 2024-10-23

CVSS 3.xMEDIUM 4.4

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

References

GHSA-vp49-2g4r-m3x3

HIGH7.1

SaltStack Salt is vulnerable Arbitrary Directory Access

Published: 2022-05-24Modified: 2025-10-22

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H

CVSS 4.0HIGH 7.1

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A

References

GHSA-w2hr-3mc8-46gh

CRITICAL9.1

SaltStack Salt eauth tokens can be used once after expiration

Published: 2022-05-24Modified: 2024-10-23

CVSS 3.xCRITICAL 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

GHSA-w589-r335-4f55

HIGH8.2

SaltStack Salt Improper Certificate Validation

Published: 2022-05-24Modified: 2024-10-27

CVSS 3.xHIGH 8.2

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 4.0HIGH 8.2

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References

GHSA-xgmh-gfxw-2hvv

CRITICAL9.8

SaltStack Salt Server Side Template Injection

Published: 2022-05-24Modified: 2024-10-23

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

GHSA-xxw3-765m-f37p

CRITICAL9.8

SaltStack Salt Improper Authentication vulnerability

Published: 2022-05-24Modified: 2024-10-23

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Package update salt in branch sisyphus

Closed issues (47)

Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, позволяющая нарушителю локально повысить привилегии.

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi

SaltStack Salt Allows creating certificates with weak file permissions

SaltStack Salt Directory Traversal vulnerability

SaltStack Salt is vulnerable to shell injection via ProxyCommand argument

SaltStack Salt command injection in the Salt-API when using the Salt-SSH client

SaltStack Salt command injection via a crafted process name

SaltStack Salt Unauthenticated Remote Code Execution

SaltStack Salt is vulnerable to command injection

SaltStack Salt Command Injection in netapi ssh client

SaltStack Salt Improper SSL Certificate Validation

SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod

SaltStack Salt is vulnerable Arbitrary Directory Access

SaltStack Salt eauth tokens can be used once after expiration

SaltStack Salt Improper Certificate Validation

SaltStack Salt Server Side Template Injection

SaltStack Salt Improper Authentication vulnerability