Saltstack: Security Vulnerabilities, CVEs, Published in 2017 (Bypass)

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
Max CVSS: 8.8 | EPSS Score: 0.21% | Published: 2017-09-26 | Updated: 2017-10-06

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
Max CVSS: 9.1 | EPSS Score: 0.28% | Published: 2017-02-07 | Updated: 2017-02-09

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
Max CVSS: 5.6 | EPSS Score: 0.10% | Published: 2017-01-31 | Updated: 2017-02-07

3 vulnerabilities found