| 0 |
| url |
VCID-3qku-wmk8-5bg1 |
| vulnerability_id |
VCID-3qku-wmk8-5bg1 |
| summary |
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/saltstack/salt |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
7.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/saltstack/salt |
|
| 5 |
| reference_url |
https://repo.saltproject.io |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
7.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://repo.saltproject.io |
|
| 6 |
| reference_url |
https://repo.saltproject.io/ |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:30:14Z/ |
|
|
| url |
https://repo.saltproject.io/ |
|
| 7 |
|
| 8 |
| reference_url |
https://security.gentoo.org/glsa/202310-22 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
7.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:30:14Z/ |
|
|
| url |
https://security.gentoo.org/glsa/202310-22 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-22967, GHSA-fpxm-fprw-6hxj, PYSEC-2022-210
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3qku-wmk8-5bg1 |
|
| 1 |
| url |
VCID-49dv-x94w-suda |
| vulnerability_id |
VCID-49dv-x94w-suda |
| summary |
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3000.7 |
| purl |
pkg:pypi/salt@3000.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7 |
|
| 3 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 4 |
| url |
pkg:pypi/salt@3001.5 |
| purl |
pkg:pypi/salt@3001.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5 |
|
| 5 |
| url |
pkg:pypi/salt@3002.3 |
| purl |
pkg:pypi/salt@3002.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-49dv-x94w-suda |
|
| 2 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 4 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 5 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 6 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 7 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 8 |
| vulnerability |
VCID-bddr-7e3e-gfch |
|
| 9 |
| vulnerability |
VCID-dqnw-edrq-hka2 |
|
| 10 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 11 |
| vulnerability |
VCID-eq7b-wcab-rqfq |
|
| 12 |
| vulnerability |
VCID-fgrx-cjat-x7dc |
|
| 13 |
| vulnerability |
VCID-k7nb-cgu8-tye8 |
|
| 14 |
| vulnerability |
VCID-kfjs-6e5q-j3aj |
|
| 15 |
| vulnerability |
VCID-n3sc-mzk3-n7cg |
|
| 16 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 17 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 18 |
| vulnerability |
VCID-w6j4-qrr2-3qae |
|
| 19 |
| vulnerability |
VCID-wvyr-dwg5-cya3 |
|
| 20 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
| 21 |
| vulnerability |
VCID-zc1e-1a3m-87c3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3 |
|
| 6 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
CVE-2021-3197, GHSA-8rp6-x3r7-5qw3, PYSEC-2021-57
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-49dv-x94w-suda |
|
| 2 |
| url |
VCID-5s8t-r4qa-yfb7 |
| vulnerability_id |
VCID-5s8t-r4qa-yfb7 |
| summary |
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-31607, GHSA-hcjf-rp5h-g5h3, PYSEC-2021-56
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| url |
VCID-6y9z-4cqf-dbhh |
| vulnerability_id |
VCID-6y9z-4cqf-dbhh |
| summary |
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-20897, GHSA-vpjg-wmf8-29h9, PYSEC-2023-166
|
| risk_score |
1.3 |
| exploitability |
0.5 |
| weighted_severity |
2.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6y9z-4cqf-dbhh |
|
| 4 |
| url |
VCID-7qmj-yzm7-yfhs |
| vulnerability_id |
VCID-7qmj-yzm7-yfhs |
| summary |
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-22935, GHSA-cvcc-5x92-gmhc, PYSEC-2022-172
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7qmj-yzm7-yfhs |
|
| 5 |
| url |
VCID-84t6-tnd4-r3gq |
| vulnerability_id |
VCID-84t6-tnd4-r3gq |
| summary |
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-22936, GHSA-5r3f-3m3j-wcj2, PYSEC-2022-173
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84t6-tnd4-r3gq |
|
| 6 |
| url |
VCID-9cpe-uywb-zfbc |
| vulnerability_id |
VCID-9cpe-uywb-zfbc |
| summary |
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/saltstack/salt |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/saltstack/salt |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://repo.saltproject.io |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://repo.saltproject.io |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-22934, GHSA-2q4g-wfm6-5fpm, PYSEC-2022-171
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9cpe-uywb-zfbc |
|
| 7 |
| url |
VCID-anh6-63ah-sfhj |
| vulnerability_id |
VCID-anh6-63ah-sfhj |
| summary |
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-21996, GHSA-pf7h-h2wq-m7pg, PYSEC-2021-318
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-anh6-63ah-sfhj |
|
| 8 |
| url |
VCID-bddr-7e3e-gfch |
| vulnerability_id |
VCID-bddr-7e3e-gfch |
| summary |
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3000.7 |
| purl |
pkg:pypi/salt@3000.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7 |
|
| 3 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 4 |
| url |
pkg:pypi/salt@3001.5 |
| purl |
pkg:pypi/salt@3001.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5 |
|
| 5 |
| url |
pkg:pypi/salt@3002.3 |
| purl |
pkg:pypi/salt@3002.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-49dv-x94w-suda |
|
| 2 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 4 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 5 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 6 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 7 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 8 |
| vulnerability |
VCID-bddr-7e3e-gfch |
|
| 9 |
| vulnerability |
VCID-dqnw-edrq-hka2 |
|
| 10 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 11 |
| vulnerability |
VCID-eq7b-wcab-rqfq |
|
| 12 |
| vulnerability |
VCID-fgrx-cjat-x7dc |
|
| 13 |
| vulnerability |
VCID-k7nb-cgu8-tye8 |
|
| 14 |
| vulnerability |
VCID-kfjs-6e5q-j3aj |
|
| 15 |
| vulnerability |
VCID-n3sc-mzk3-n7cg |
|
| 16 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 17 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 18 |
| vulnerability |
VCID-w6j4-qrr2-3qae |
|
| 19 |
| vulnerability |
VCID-wvyr-dwg5-cya3 |
|
| 20 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
| 21 |
| vulnerability |
VCID-zc1e-1a3m-87c3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3 |
|
| 6 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
CVE-2021-25281, GHSA-xxw3-765m-f37p, PYSEC-2021-50
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bddr-7e3e-gfch |
|
| 9 |
| url |
VCID-c3tf-kuxu-euaz |
| vulnerability_id |
VCID-c3tf-kuxu-euaz |
| summary |
CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@3002.2 |
| purl |
pkg:pypi/salt@3002.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-49dv-x94w-suda |
|
| 2 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 4 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 5 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 6 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 7 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 8 |
| vulnerability |
VCID-bddr-7e3e-gfch |
|
| 9 |
| vulnerability |
VCID-dqnw-edrq-hka2 |
|
| 10 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 11 |
| vulnerability |
VCID-eq7b-wcab-rqfq |
|
| 12 |
| vulnerability |
VCID-fgrx-cjat-x7dc |
|
| 13 |
| vulnerability |
VCID-k7nb-cgu8-tye8 |
|
| 14 |
| vulnerability |
VCID-kfjs-6e5q-j3aj |
|
| 15 |
| vulnerability |
VCID-n3sc-mzk3-n7cg |
|
| 16 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 17 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 18 |
| vulnerability |
VCID-w6j4-qrr2-3qae |
|
| 19 |
| vulnerability |
VCID-wvyr-dwg5-cya3 |
|
| 20 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
| 21 |
| vulnerability |
VCID-zc1e-1a3m-87c3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.2 |
|
|
| aliases |
CVE-2021-25315, GHSA-pmj6-9f8c-8g2m, PYSEC-2021-891
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c3tf-kuxu-euaz |
|
| 10 |
| url |
VCID-dqnw-edrq-hka2 |
| vulnerability_id |
VCID-dqnw-edrq-hka2 |
| summary |
An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3000.7 |
| purl |
pkg:pypi/salt@3000.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7 |
|
| 3 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 4 |
| url |
pkg:pypi/salt@3001.5 |
| purl |
pkg:pypi/salt@3001.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5 |
|
| 5 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
CVE-2021-25283, GHSA-xgmh-gfxw-2hvv, PYSEC-2021-52
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dqnw-edrq-hka2 |
|
| 11 |
|
| 12 |
| url |
VCID-eq7b-wcab-rqfq |
| vulnerability_id |
VCID-eq7b-wcab-rqfq |
| summary |
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3000.7 |
| purl |
pkg:pypi/salt@3000.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7 |
|
| 3 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 4 |
| url |
pkg:pypi/salt@3001.5 |
| purl |
pkg:pypi/salt@3001.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5 |
|
| 5 |
| url |
pkg:pypi/salt@3002.3 |
| purl |
pkg:pypi/salt@3002.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-49dv-x94w-suda |
|
| 2 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 4 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 5 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 6 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 7 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 8 |
| vulnerability |
VCID-bddr-7e3e-gfch |
|
| 9 |
| vulnerability |
VCID-dqnw-edrq-hka2 |
|
| 10 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 11 |
| vulnerability |
VCID-eq7b-wcab-rqfq |
|
| 12 |
| vulnerability |
VCID-fgrx-cjat-x7dc |
|
| 13 |
| vulnerability |
VCID-k7nb-cgu8-tye8 |
|
| 14 |
| vulnerability |
VCID-kfjs-6e5q-j3aj |
|
| 15 |
| vulnerability |
VCID-n3sc-mzk3-n7cg |
|
| 16 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 17 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 18 |
| vulnerability |
VCID-w6j4-qrr2-3qae |
|
| 19 |
| vulnerability |
VCID-wvyr-dwg5-cya3 |
|
| 20 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
| 21 |
| vulnerability |
VCID-zc1e-1a3m-87c3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3 |
|
| 6 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
CVE-2021-3148, GHSA-ghc2-hx3w-jqmp, PYSEC-2021-55
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eq7b-wcab-rqfq |
|
| 13 |
| url |
VCID-fgrx-cjat-x7dc |
| vulnerability_id |
VCID-fgrx-cjat-x7dc |
| summary |
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/saltstack/salt |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/saltstack/salt |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3000.7 |
| purl |
pkg:pypi/salt@3000.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7 |
|
| 3 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 4 |
| url |
pkg:pypi/salt@3001.5 |
| purl |
pkg:pypi/salt@3001.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5 |
|
| 5 |
| url |
pkg:pypi/salt@3002.3 |
| purl |
pkg:pypi/salt@3002.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-49dv-x94w-suda |
|
| 2 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 4 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 5 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 6 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 7 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 8 |
| vulnerability |
VCID-bddr-7e3e-gfch |
|
| 9 |
| vulnerability |
VCID-dqnw-edrq-hka2 |
|
| 10 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 11 |
| vulnerability |
VCID-eq7b-wcab-rqfq |
|
| 12 |
| vulnerability |
VCID-fgrx-cjat-x7dc |
|
| 13 |
| vulnerability |
VCID-k7nb-cgu8-tye8 |
|
| 14 |
| vulnerability |
VCID-kfjs-6e5q-j3aj |
|
| 15 |
| vulnerability |
VCID-n3sc-mzk3-n7cg |
|
| 16 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 17 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 18 |
| vulnerability |
VCID-w6j4-qrr2-3qae |
|
| 19 |
| vulnerability |
VCID-wvyr-dwg5-cya3 |
|
| 20 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
| 21 |
| vulnerability |
VCID-zc1e-1a3m-87c3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3 |
|
| 6 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
CVE-2020-28972, GHSA-w589-r335-4f55, PYSEC-2021-74
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fgrx-cjat-x7dc |
|
| 14 |
| url |
VCID-k7nb-cgu8-tye8 |
| vulnerability_id |
VCID-k7nb-cgu8-tye8 |
| summary |
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3000.7 |
| purl |
pkg:pypi/salt@3000.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7 |
|
| 3 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 4 |
| url |
pkg:pypi/salt@3001.5 |
| purl |
pkg:pypi/salt@3001.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5 |
|
| 5 |
| url |
pkg:pypi/salt@3002.3 |
| purl |
pkg:pypi/salt@3002.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-49dv-x94w-suda |
|
| 2 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 4 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 5 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 6 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 7 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 8 |
| vulnerability |
VCID-bddr-7e3e-gfch |
|
| 9 |
| vulnerability |
VCID-dqnw-edrq-hka2 |
|
| 10 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 11 |
| vulnerability |
VCID-eq7b-wcab-rqfq |
|
| 12 |
| vulnerability |
VCID-fgrx-cjat-x7dc |
|
| 13 |
| vulnerability |
VCID-k7nb-cgu8-tye8 |
|
| 14 |
| vulnerability |
VCID-kfjs-6e5q-j3aj |
|
| 15 |
| vulnerability |
VCID-n3sc-mzk3-n7cg |
|
| 16 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 17 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 18 |
| vulnerability |
VCID-w6j4-qrr2-3qae |
|
| 19 |
| vulnerability |
VCID-wvyr-dwg5-cya3 |
|
| 20 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
| 21 |
| vulnerability |
VCID-zc1e-1a3m-87c3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3 |
|
| 6 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
CVE-2020-28243, GHSA-phhw-3wc9-8q75, PYSEC-2021-73
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k7nb-cgu8-tye8 |
|
| 15 |
| url |
VCID-kfjs-6e5q-j3aj |
| vulnerability_id |
VCID-kfjs-6e5q-j3aj |
| summary |
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3000.7 |
| purl |
pkg:pypi/salt@3000.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7 |
|
| 3 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 4 |
| url |
pkg:pypi/salt@3001.5 |
| purl |
pkg:pypi/salt@3001.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5 |
|
| 5 |
| url |
pkg:pypi/salt@3002.3 |
| purl |
pkg:pypi/salt@3002.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-49dv-x94w-suda |
|
| 2 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 4 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 5 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 6 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 7 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 8 |
| vulnerability |
VCID-bddr-7e3e-gfch |
|
| 9 |
| vulnerability |
VCID-dqnw-edrq-hka2 |
|
| 10 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 11 |
| vulnerability |
VCID-eq7b-wcab-rqfq |
|
| 12 |
| vulnerability |
VCID-fgrx-cjat-x7dc |
|
| 13 |
| vulnerability |
VCID-k7nb-cgu8-tye8 |
|
| 14 |
| vulnerability |
VCID-kfjs-6e5q-j3aj |
|
| 15 |
| vulnerability |
VCID-n3sc-mzk3-n7cg |
|
| 16 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 17 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 18 |
| vulnerability |
VCID-w6j4-qrr2-3qae |
|
| 19 |
| vulnerability |
VCID-wvyr-dwg5-cya3 |
|
| 20 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
| 21 |
| vulnerability |
VCID-zc1e-1a3m-87c3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3 |
|
| 6 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
CVE-2021-3144, GHSA-w2hr-3mc8-46gh, PYSEC-2021-54
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kfjs-6e5q-j3aj |
|
| 16 |
| url |
VCID-n3sc-mzk3-n7cg |
| vulnerability_id |
VCID-n3sc-mzk3-n7cg |
| summary |
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/saltstack/salt |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/saltstack/salt |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3000.7 |
| purl |
pkg:pypi/salt@3000.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7 |
|
| 3 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 4 |
| url |
pkg:pypi/salt@3001.5 |
| purl |
pkg:pypi/salt@3001.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5 |
|
| 5 |
| url |
pkg:pypi/salt@3002.3 |
| purl |
pkg:pypi/salt@3002.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-49dv-x94w-suda |
|
| 2 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 4 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 5 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 6 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 7 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 8 |
| vulnerability |
VCID-bddr-7e3e-gfch |
|
| 9 |
| vulnerability |
VCID-dqnw-edrq-hka2 |
|
| 10 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 11 |
| vulnerability |
VCID-eq7b-wcab-rqfq |
|
| 12 |
| vulnerability |
VCID-fgrx-cjat-x7dc |
|
| 13 |
| vulnerability |
VCID-k7nb-cgu8-tye8 |
|
| 14 |
| vulnerability |
VCID-kfjs-6e5q-j3aj |
|
| 15 |
| vulnerability |
VCID-n3sc-mzk3-n7cg |
|
| 16 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 17 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 18 |
| vulnerability |
VCID-w6j4-qrr2-3qae |
|
| 19 |
| vulnerability |
VCID-wvyr-dwg5-cya3 |
|
| 20 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
| 21 |
| vulnerability |
VCID-zc1e-1a3m-87c3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3 |
|
| 6 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
CVE-2021-25282, GHSA-76x4-x3p6-rpr9, PYSEC-2021-51
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n3sc-mzk3-n7cg |
|
| 17 |
| url |
VCID-n4vy-d4dh-x7gu |
| vulnerability_id |
VCID-n4vy-d4dh-x7gu |
| summary |
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-22941, GHSA-qcr3-hr2f-6557, PYSEC-2022-174
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n4vy-d4dh-x7gu |
|
| 18 |
| url |
VCID-r3m9-163d-myff |
| vulnerability_id |
VCID-r3m9-163d-myff |
| summary |
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-20898, GHSA-qvh6-3j7x-3hq7, PYSEC-2023-169
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r3m9-163d-myff |
|
| 19 |
| url |
VCID-w6j4-qrr2-3qae |
| vulnerability_id |
VCID-w6j4-qrr2-3qae |
| summary |
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3000.7 |
| purl |
pkg:pypi/salt@3000.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7 |
|
| 3 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 4 |
| url |
pkg:pypi/salt@3001.5 |
| purl |
pkg:pypi/salt@3001.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5 |
|
| 5 |
| url |
pkg:pypi/salt@3002.3 |
| purl |
pkg:pypi/salt@3002.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-49dv-x94w-suda |
|
| 2 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 4 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 5 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 6 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 7 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 8 |
| vulnerability |
VCID-bddr-7e3e-gfch |
|
| 9 |
| vulnerability |
VCID-dqnw-edrq-hka2 |
|
| 10 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 11 |
| vulnerability |
VCID-eq7b-wcab-rqfq |
|
| 12 |
| vulnerability |
VCID-fgrx-cjat-x7dc |
|
| 13 |
| vulnerability |
VCID-k7nb-cgu8-tye8 |
|
| 14 |
| vulnerability |
VCID-kfjs-6e5q-j3aj |
|
| 15 |
| vulnerability |
VCID-n3sc-mzk3-n7cg |
|
| 16 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 17 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 18 |
| vulnerability |
VCID-w6j4-qrr2-3qae |
|
| 19 |
| vulnerability |
VCID-wvyr-dwg5-cya3 |
|
| 20 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
| 21 |
| vulnerability |
VCID-zc1e-1a3m-87c3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3 |
|
| 6 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
CVE-2020-35662, GHSA-qx72-q6w3-qgc7, PYSEC-2021-75
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w6j4-qrr2-3qae |
|
| 20 |
| url |
VCID-wvyr-dwg5-cya3 |
| vulnerability_id |
VCID-wvyr-dwg5-cya3 |
| summary |
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3000.7 |
| purl |
pkg:pypi/salt@3000.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7 |
|
| 3 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 4 |
| url |
pkg:pypi/salt@3001.5 |
| purl |
pkg:pypi/salt@3001.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5 |
|
| 5 |
| url |
pkg:pypi/salt@3002.3 |
| purl |
pkg:pypi/salt@3002.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-49dv-x94w-suda |
|
| 2 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 3 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 4 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 5 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 6 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 7 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 8 |
| vulnerability |
VCID-bddr-7e3e-gfch |
|
| 9 |
| vulnerability |
VCID-dqnw-edrq-hka2 |
|
| 10 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 11 |
| vulnerability |
VCID-eq7b-wcab-rqfq |
|
| 12 |
| vulnerability |
VCID-fgrx-cjat-x7dc |
|
| 13 |
| vulnerability |
VCID-k7nb-cgu8-tye8 |
|
| 14 |
| vulnerability |
VCID-kfjs-6e5q-j3aj |
|
| 15 |
| vulnerability |
VCID-n3sc-mzk3-n7cg |
|
| 16 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 17 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 18 |
| vulnerability |
VCID-w6j4-qrr2-3qae |
|
| 19 |
| vulnerability |
VCID-wvyr-dwg5-cya3 |
|
| 20 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
| 21 |
| vulnerability |
VCID-zc1e-1a3m-87c3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3 |
|
| 6 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
CVE-2021-25284, GHSA-r55w-xph5-xvx2, PYSEC-2021-53
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wvyr-dwg5-cya3 |
|
| 21 |
| url |
VCID-z6gy-m65u-wqgh |
| vulnerability_id |
VCID-z6gy-m65u-wqgh |
| summary |
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/saltstack/salt |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/saltstack/salt |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-22004, GHSA-xf37-qcvf-7m57, PYSEC-2021-346
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z6gy-m65u-wqgh |
|
| 22 |
| url |
VCID-zc1e-1a3m-87c3 |
| vulnerability_id |
VCID-zc1e-1a3m-87c3 |
| summary |
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/salt@2019.2.8 |
| purl |
pkg:pypi/salt@2019.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8 |
|
| 1 |
| url |
pkg:pypi/salt@3000.6 |
| purl |
pkg:pypi/salt@3000.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6 |
|
| 2 |
| url |
pkg:pypi/salt@3001.4 |
| purl |
pkg:pypi/salt@3001.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-c3tf-kuxu-euaz |
|
| 8 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 9 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 10 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 11 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4 |
|
| 3 |
| url |
pkg:pypi/salt@3002.5 |
| purl |
pkg:pypi/salt@3002.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3qku-wmk8-5bg1 |
|
| 1 |
| vulnerability |
VCID-5s8t-r4qa-yfb7 |
|
| 2 |
| vulnerability |
VCID-6y9z-4cqf-dbhh |
|
| 3 |
| vulnerability |
VCID-7qmj-yzm7-yfhs |
|
| 4 |
| vulnerability |
VCID-84t6-tnd4-r3gq |
|
| 5 |
| vulnerability |
VCID-9cpe-uywb-zfbc |
|
| 6 |
| vulnerability |
VCID-anh6-63ah-sfhj |
|
| 7 |
| vulnerability |
VCID-dttu-htyd-tkcc |
|
| 8 |
| vulnerability |
VCID-n4vy-d4dh-x7gu |
|
| 9 |
| vulnerability |
VCID-r3m9-163d-myff |
|
| 10 |
| vulnerability |
VCID-z6gy-m65u-wqgh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5 |
|
|
| aliases |
PYSEC-2021-362
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zc1e-1a3m-87c3 |
|