Lookup for vulnerable packages by Package URL.

purl pkg:pypi/salt@3000.2
type pypi
namespace
name salt
version 3000.2
qualifiers
subpath
is_vulnerable true
next_non_vulnerable_version 3005.2
latest_non_vulnerable_version 3007.9
affected_by_vulnerabilities
0
url VCID-2ds7-ga65-r3b6
vulnerability_id VCID-2ds7-ga65-r3b6
summary An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
references
0
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
1
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
2
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-3148, PYSEC-2021-55
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ds7-ga65-r3b6
1
url VCID-2h9s-fgnc-1qeg
vulnerability_id VCID-2h9s-fgnc-1qeg
summary An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
references
0
reference_url https://github.com/stealthcopter/CVE-2020-28243
reference_id
reference_type
scores
url https://github.com/stealthcopter/CVE-2020-28243
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://sec.stealthcopter.com/cve-2020-28243/
reference_id
reference_type
scores
url https://sec.stealthcopter.com/cve-2020-28243/
6
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
1
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
2
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2020-28243, PYSEC-2021-73
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2h9s-fgnc-1qeg
2
url VCID-47u4-vdsp-c3ct
vulnerability_id VCID-47u4-vdsp-c3ct
summary An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.
references
0
reference_url https://github.com/advisories/GHSA-xf37-qcvf-7m57
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xf37-qcvf-7m57
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
4
reference_url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
fixed_packages
0
url pkg:pypi/salt@3003.3
purl pkg:pypi/salt@3003.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.3
aliases CVE-2021-22004, GHSA-xf37-qcvf-7m57, PYSEC-2021-346
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47u4-vdsp-c3ct
3
url VCID-48r4-3qds-bbhv
vulnerability_id VCID-48r4-3qds-bbhv
summary In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
references
0
reference_url https://github.com/advisories/GHSA-hcjf-rp5h-g5h3
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hcjf-rp5h-g5h3
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/
2
reference_url https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
reference_id
reference_type
scores
url https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
fixed_packages
0
url pkg:pypi/salt@3003rc1
purl pkg:pypi/salt@3003rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-a8kw-uehx-xfg5
2
vulnerability VCID-ce2x-ehyk-nufk
3
vulnerability VCID-nehw-r7zm-j7bb
4
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003rc1
aliases CVE-2021-31607, GHSA-hcjf-rp5h-g5h3, PYSEC-2021-56
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48r4-3qds-bbhv
4
url VCID-5hr1-5aec-43h3
vulnerability_id VCID-5hr1-5aec-43h3
summary An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
references
0
reference_url http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html
1
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
5
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
6
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
1
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
2
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-25282, PYSEC-2021-51
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hr1-5aec-43h3
5
url VCID-65p4-5x86-y3fj
vulnerability_id VCID-65p4-5x86-y3fj
summary An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
references
0
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
1
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
2
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-25283, PYSEC-2021-52
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65p4-5x86-y3fj
6
url VCID-6cfw-9xe8-43d6
vulnerability_id VCID-6cfw-9xe8-43d6
summary In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
references
0
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
3
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
4
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
1
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
2
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2020-35662, PYSEC-2021-75
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cfw-9xe8-43d6
7
url VCID-8mpz-ke16-fbej
vulnerability_id VCID-8mpz-ke16-fbej
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-172.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-172.yaml
1
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
2
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
3
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L31
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L31
4
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L29
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L29
5
reference_url https://github.com/saltstack/salt/releases,
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases,
6
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
7
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release
8
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/,
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/,
9
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202310-22
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22935
reference_id CVE-2022-22935
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22935
11
reference_url https://github.com/advisories/GHSA-cvcc-5x92-gmhc
reference_id GHSA-cvcc-5x92-gmhc
reference_type
scores
url https://github.com/advisories/GHSA-cvcc-5x92-gmhc
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-a8kw-uehx-xfg5
3
vulnerability VCID-ce2x-ehyk-nufk
4
vulnerability VCID-h4tm-9wqz-1qge
5
vulnerability VCID-nehw-r7zm-j7bb
6
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22935, GHSA-cvcc-5x92-gmhc, PYSEC-2022-172
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mpz-ke16-fbej
8
url VCID-a8kw-uehx-xfg5
vulnerability_id VCID-a8kw-uehx-xfg5
summary An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
references
0
reference_url https://github.com/advisories/GHSA-pf7h-h2wq-m7pg
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-pf7h-h2wq-m7pg
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-318.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-318.yaml
2
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html
3
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
7
reference_url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
8
reference_url https://www.debian.org/security/2021/dsa-5011
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-5011
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21996
reference_id CVE-2021-21996
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-21996
fixed_packages
0
url pkg:pypi/salt@3003.3
purl pkg:pypi/salt@3003.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.3
aliases CVE-2021-21996, GHSA-pf7h-h2wq-m7pg, PYSEC-2021-318
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8kw-uehx-xfg5
9
url VCID-ce2x-ehyk-nufk
vulnerability_id VCID-ce2x-ehyk-nufk
summary Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-169.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-169.yaml
1
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
3
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory
reference_id
reference_type
scores
url https://saltproject.io/security-announcements/2023-08-10-advisory
4
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory/
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://saltproject.io/security-announcements/2023-08-10-advisory/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-20898
reference_id CVE-2023-20898
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-20898
6
reference_url https://github.com/advisories/GHSA-qvh6-3j7x-3hq7
reference_id GHSA-qvh6-3j7x-3hq7
reference_type
scores
url https://github.com/advisories/GHSA-qvh6-3j7x-3hq7
fixed_packages
0
url pkg:pypi/salt@3005.2
purl pkg:pypi/salt@3005.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.2
1
url pkg:pypi/salt@3006.2
purl pkg:pypi/salt@3006.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.2
aliases CVE-2023-20898, GHSA-qvh6-3j7x-3hq7, PYSEC-2023-169
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ce2x-ehyk-nufk
10
url VCID-cubj-wrbp-1qbu
vulnerability_id VCID-cubj-wrbp-1qbu
summary An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
1
reference_url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
2
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
3
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
5
reference_url https://security.gentoo.org/glsa/202011-13
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202011-13
6
reference_url https://www.debian.org/security/2021/dsa-4837
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4837
7
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
reference_id
reference_type
scores
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
8
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1379/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-20-1379/
9
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1380/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-20-1380/
10
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1381/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-20-1381/
11
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1382/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-20-1382/
12
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1383/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-20-1383/
fixed_packages
0
url pkg:pypi/salt@3000.3
purl pkg:pypi/salt@3000.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-mbpz-g2vs-tqc1
14
vulnerability VCID-neby-tsrt-ryg5
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-p4xa-ks7v-wbay
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-v43a-k2bg-wkbz
19
vulnerability VCID-w2qv-hbsf-xyfh
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.3
aliases CVE-2020-16846, PYSEC-2020-104
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cubj-wrbp-1qbu
11
url VCID-h4tm-9wqz-1qge
vulnerability_id VCID-h4tm-9wqz-1qge
summary An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user to still run Salt commands after their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
references
0
reference_url https://github.com/advisories/GHSA-fpxm-fprw-6hxj
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-fpxm-fprw-6hxj
1
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
2
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/
fixed_packages
0
url pkg:pypi/salt@3002.9
purl pkg:pypi/salt@3002.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-a8kw-uehx-xfg5
3
vulnerability VCID-ce2x-ehyk-nufk
4
vulnerability VCID-nehw-r7zm-j7bb
5
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.9
aliases CVE-2022-22967, GHSA-fpxm-fprw-6hxj, PYSEC-2022-210
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4tm-9wqz-1qge
12
url VCID-j5th-837s-fkft
vulnerability_id VCID-j5th-837s-fkft
summary In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
1
reference_url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
2
reference_url https://docs.saltstack.com/en/latest/topics/releases/index.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/index.html
3
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
5
reference_url https://security.gentoo.org/glsa/202011-13
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202011-13
6
reference_url https://www.debian.org/security/2021/dsa-4837
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4837
7
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
reference_id
reference_type
scores
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
fixed_packages
0
url pkg:pypi/salt@3000.3
purl pkg:pypi/salt@3000.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-mbpz-g2vs-tqc1
14
vulnerability VCID-neby-tsrt-ryg5
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-p4xa-ks7v-wbay
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-v43a-k2bg-wkbz
19
vulnerability VCID-w2qv-hbsf-xyfh
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.3
aliases CVE-2020-25592, PYSEC-2020-106
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j5th-837s-fkft
13
url VCID-jbea-m4ak-tqd7
vulnerability_id VCID-jbea-m4ak-tqd7
summary The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
1
reference_url https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release
2
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
4
reference_url https://security.gentoo.org/glsa/202011-13
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202011-13
5
reference_url https://www.debian.org/security/2021/dsa-4837
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4837
6
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
reference_id
reference_type
scores
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
fixed_packages
0
url pkg:pypi/salt@3000.3
purl pkg:pypi/salt@3000.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-mbpz-g2vs-tqc1
14
vulnerability VCID-neby-tsrt-ryg5
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-p4xa-ks7v-wbay
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-v43a-k2bg-wkbz
19
vulnerability VCID-w2qv-hbsf-xyfh
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.3
aliases CVE-2020-17490, PYSEC-2020-105
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbea-m4ak-tqd7
14
url VCID-jyxg-h3a9-8ygv
vulnerability_id VCID-jyxg-h3a9-8ygv
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-174.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-174.yaml
1
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
2
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
3
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
4
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
5
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
6
reference_url https://repo.saltproject.io
reference_id
reference_type
scores
url https://repo.saltproject.io
7
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
8
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/
9
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202310-22
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22941
reference_id CVE-2022-22941
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22941
11
reference_url https://github.com/advisories/GHSA-qcr3-hr2f-6557
reference_id GHSA-qcr3-hr2f-6557
reference_type
scores
url https://github.com/advisories/GHSA-qcr3-hr2f-6557
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-a8kw-uehx-xfg5
3
vulnerability VCID-ce2x-ehyk-nufk
4
vulnerability VCID-h4tm-9wqz-1qge
5
vulnerability VCID-nehw-r7zm-j7bb
6
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22941, GHSA-qcr3-hr2f-6557, PYSEC-2022-174
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyxg-h3a9-8ygv
15
url VCID-k1gu-khda-jyeb
vulnerability_id VCID-k1gu-khda-jyeb
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
references
0
reference_url https://blog.cloudflare.com/future-proofing-saltstack
reference_id
reference_type
scores
url https://blog.cloudflare.com/future-proofing-saltstack
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-171.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-171.yaml
2
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
3
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
4
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
5
reference_url https://repo.saltproject.io
reference_id
reference_type
scores
url https://repo.saltproject.io
6
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
7
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/
8
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202310-22
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22934
reference_id CVE-2022-22934
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22934
10
reference_url https://github.com/advisories/GHSA-2q4g-wfm6-5fpm
reference_id GHSA-2q4g-wfm6-5fpm
reference_type
scores
url https://github.com/advisories/GHSA-2q4g-wfm6-5fpm
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-a8kw-uehx-xfg5
3
vulnerability VCID-ce2x-ehyk-nufk
4
vulnerability VCID-h4tm-9wqz-1qge
5
vulnerability VCID-nehw-r7zm-j7bb
6
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22934, GHSA-2q4g-wfm6-5fpm, PYSEC-2022-171
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1gu-khda-jyeb
16
url VCID-mbpz-g2vs-tqc1
vulnerability_id VCID-mbpz-g2vs-tqc1
summary In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
references
0
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
3
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
4
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
1
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
2
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2020-28972, PYSEC-2021-74
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbpz-g2vs-tqc1
17
url VCID-neby-tsrt-ryg5
vulnerability_id VCID-neby-tsrt-ryg5
summary An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials at the info or error log level.
references
0
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
1
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
2
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-25284, PYSEC-2021-53
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-neby-tsrt-ryg5
18
url VCID-nehw-r7zm-j7bb
vulnerability_id VCID-nehw-r7zm-j7bb
summary Salt masters prior to 3005.2 or 3006.2 contain a denial of service (DoS) in minion return. After receiving a number of bad packets on the request server equal to the number of worker threads, the master becomes unresponsive to return requests until restarted.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-166.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-166.yaml
1
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
3
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory
reference_id
reference_type
scores
url https://saltproject.io/security-announcements/2023-08-10-advisory
4
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://saltproject.io/security-announcements/2023-08-10-advisory/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-20897
reference_id CVE-2023-20897
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-20897
6
reference_url https://github.com/advisories/GHSA-vpjg-wmf8-29h9
reference_id GHSA-vpjg-wmf8-29h9
reference_type
scores
url https://github.com/advisories/GHSA-vpjg-wmf8-29h9
fixed_packages
0
url pkg:pypi/salt@3005.2
purl pkg:pypi/salt@3005.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.2
1
url pkg:pypi/salt@3006.2
purl pkg:pypi/salt@3006.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.2
aliases CVE-2023-20897, GHSA-vpjg-wmf8-29h9, PYSEC-2023-166
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nehw-r7zm-j7bb
19
url VCID-p4xa-ks7v-wbay
vulnerability_id VCID-p4xa-ks7v-wbay
summary An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel module on the master.
references
0
reference_url http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html
1
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
5
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
6
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
7
reference_url https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/
reference_id
reference_type
scores
url https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/
fixed_packages
0
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
1
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
2
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-25281, PYSEC-2021-50
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4xa-ks7v-wbay
20
url VCID-saff-gz5j-8kex
vulnerability_id VCID-saff-gz5j-8kex
summary Buffer Overflow vulnerability in Saltstack v.3003 and before allows an attacker to execute arbitrary code via the func variable in the salt/salt/modules/status.py file.
references
0
reference_url https://github.com/saltstack/salt/blob/master/salt/modules/status.py
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/master/salt/modules/status.py
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33226
reference_id CVE-2021-33226
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-33226
fixed_packages
0
url pkg:pypi/salt@3003.1
purl pkg:pypi/salt@3003.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-a8kw-uehx-xfg5
2
vulnerability VCID-ce2x-ehyk-nufk
3
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.1
aliases CVE-2021-33226, PYSEC-2023-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-saff-gz5j-8kex
21
url VCID-v43a-k2bg-wkbz
vulnerability_id VCID-v43a-k2bg-wkbz
summary An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
references
0
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
1
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
2
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-3197, PYSEC-2021-57
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v43a-k2bg-wkbz
22
url VCID-w2qv-hbsf-xyfh
vulnerability_id VCID-w2qv-hbsf-xyfh
summary In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run commands against the salt master or minions.)
references
0
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
1
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
2
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-3144, PYSEC-2021-54
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2qv-hbsf-xyfh
23
url VCID-znn9-qud3-wqat
vulnerability_id VCID-znn9-qud3-wqat
summary CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
references
0
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1182382
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://bugzilla.suse.com/show_bug.cgi?id=1182382
fixed_packages
0
url pkg:pypi/salt@3002.2
purl pkg:pypi/salt@3002.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-mbpz-g2vs-tqc1
14
vulnerability VCID-neby-tsrt-ryg5
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-p4xa-ks7v-wbay
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-v43a-k2bg-wkbz
19
vulnerability VCID-w2qv-hbsf-xyfh
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.2
aliases CVE-2021-25315, PYSEC-2021-891
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znn9-qud3-wqat
24
url VCID-zter-3e3b-7yfb
vulnerability_id VCID-zter-3e3b-7yfb
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes, causing minions to run old jobs. File server replies can also be replayed. A sufficiently skilled attacker could gain root access on a minion under certain scenarios.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-173.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-173.yaml
1
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
2
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
3
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
4
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
5
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
6
reference_url https://github.com/saltstack/salt/releases,
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases,
7
reference_url https://repo.saltproject.io
reference_id
reference_type
scores
url https://repo.saltproject.io
8
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
9
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release
10
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/,
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/,
11
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202310-22
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22936
reference_id CVE-2022-22936
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22936
13
reference_url https://github.com/advisories/GHSA-5r3f-3m3j-wcj2
reference_id GHSA-5r3f-3m3j-wcj2
reference_type
scores
url https://github.com/advisories/GHSA-5r3f-3m3j-wcj2
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-a8kw-uehx-xfg5
3
vulnerability VCID-ce2x-ehyk-nufk
4
vulnerability VCID-h4tm-9wqz-1qge
5
vulnerability VCID-nehw-r7zm-j7bb
6
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22936, GHSA-5r3f-3m3j-wcj2, PYSEC-2022-173
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zter-3e3b-7yfb
Fixing_vulnerabilities
0
url VCID-7mam-gwcp-8kdm
vulnerability_id VCID-7mam-gwcp-8kdm
summary An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
2
reference_url http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
3
reference_url http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
4
reference_url https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
5
reference_url https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
6
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
7
reference_url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
reference_id
reference_type
scores
url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
8
reference_url https://usn.ubuntu.com/4459-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4459-1/
9
reference_url https://www.debian.org/security/2020/dsa-4676
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4676
10
reference_url http://www.vmware.com/security/advisories/VMSA-2020-0009.html
reference_id
reference_type
scores
url http://www.vmware.com/security/advisories/VMSA-2020-0009.html
fixed_packages
0
url pkg:pypi/salt@2019.2.4
purl pkg:pypi/salt@2019.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-cubj-wrbp-1qbu
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-j5th-837s-fkft
13
vulnerability VCID-jbea-m4ak-tqd7
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.4
1
url pkg:pypi/salt@3000.2
purl pkg:pypi/salt@3000.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-cubj-wrbp-1qbu
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-j5th-837s-fkft
13
vulnerability VCID-jbea-m4ak-tqd7
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.2
aliases CVE-2020-11651, PYSEC-2020-102
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7mam-gwcp-8kdm
1
url VCID-gafc-bb59-9yhb
vulnerability_id VCID-gafc-bb59-9yhb
summary An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
2
reference_url http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
3
reference_url http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
4
reference_url https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
5
reference_url https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
6
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
7
reference_url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
reference_id
reference_type
scores
url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
8
reference_url http://support.blackberry.com/kb/articleDetail?articleNumber=000063758
reference_id
reference_type
scores
url http://support.blackberry.com/kb/articleDetail?articleNumber=000063758
9
reference_url https://usn.ubuntu.com/4459-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4459-1/
10
reference_url https://www.debian.org/security/2020/dsa-4676
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4676
11
reference_url http://www.vmware.com/security/advisories/VMSA-2020-0009.html
reference_id
reference_type
scores
url http://www.vmware.com/security/advisories/VMSA-2020-0009.html
fixed_packages
0
url pkg:pypi/salt@2019.2.4
purl pkg:pypi/salt@2019.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-cubj-wrbp-1qbu
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-j5th-837s-fkft
13
vulnerability VCID-jbea-m4ak-tqd7
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.4
1
url pkg:pypi/salt@3000.2
purl pkg:pypi/salt@3000.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-cubj-wrbp-1qbu
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-j5th-837s-fkft
13
vulnerability VCID-jbea-m4ak-tqd7
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.2
aliases CVE-2020-11652, PYSEC-2020-103
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gafc-bb59-9yhb
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.2