Saltstack : Security Vulnerabilities, CVEs, Published In 2017 (Bypass)

CVE-2017-5192

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
Max CVSS
8.8
EPSS Score
0.21%
Published
2017-09-26
Updated
2017-10-06

CVE-2016-9639

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
Max CVSS
9.1
EPSS Score
0.28%
Published
2017-02-07
Updated
2017-02-09

CVE-2016-3176

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
Max CVSS
5.6
EPSS Score
0.10%
Published
2017-01-31
Updated
2017-02-07
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close