Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/salt@0.13.2
Typepypi
Namespace
Namesalt
Version0.13.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3005.2
Latest_non_vulnerable_version3007.9
Affected_by_vulnerabilities
0
url VCID-2ds7-ga65-r3b6
vulnerability_id VCID-2ds7-ga65-r3b6
summary An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
references
0
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.5
purl pkg:pypi/salt@2016.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-cubj-wrbp-1qbu
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-kapu-yvhn-ybhw
19
vulnerability VCID-nehw-r7zm-j7bb
20
vulnerability VCID-qgqk-f1g2-7fbz
21
vulnerability VCID-saff-gz5j-8kex
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.5
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
9
url pkg:pypi/salt@2019.2.0rc1
purl pkg:pypi/salt@2019.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e8qc-mktf-gyam
7
vulnerability VCID-gafc-bb59-9yhb
8
vulnerability VCID-h4tm-9wqz-1qge
9
vulnerability VCID-jyxg-h3a9-8ygv
10
vulnerability VCID-k1gu-khda-jyeb
11
vulnerability VCID-nehw-r7zm-j7bb
12
vulnerability VCID-saff-gz5j-8kex
13
vulnerability VCID-znn9-qud3-wqat
14
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1
10
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
11
url pkg:pypi/salt@2019.2.8
purl pkg:pypi/salt@2019.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8
12
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
13
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
14
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-3148, PYSEC-2021-55
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ds7-ga65-r3b6
1
url VCID-2h9s-fgnc-1qeg
vulnerability_id VCID-2h9s-fgnc-1qeg
summary An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
references
0
reference_url https://github.com/stealthcopter/CVE-2020-28243
reference_id
reference_type
scores
url https://github.com/stealthcopter/CVE-2020-28243
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://sec.stealthcopter.com/cve-2020-28243/
reference_id
reference_type
scores
url https://sec.stealthcopter.com/cve-2020-28243/
6
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.5
purl pkg:pypi/salt@2016.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-cubj-wrbp-1qbu
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-kapu-yvhn-ybhw
19
vulnerability VCID-nehw-r7zm-j7bb
20
vulnerability VCID-qgqk-f1g2-7fbz
21
vulnerability VCID-saff-gz5j-8kex
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.5
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
9
url pkg:pypi/salt@2019.2.0rc1
purl pkg:pypi/salt@2019.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e8qc-mktf-gyam
7
vulnerability VCID-gafc-bb59-9yhb
8
vulnerability VCID-h4tm-9wqz-1qge
9
vulnerability VCID-jyxg-h3a9-8ygv
10
vulnerability VCID-k1gu-khda-jyeb
11
vulnerability VCID-nehw-r7zm-j7bb
12
vulnerability VCID-saff-gz5j-8kex
13
vulnerability VCID-znn9-qud3-wqat
14
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1
10
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
11
url pkg:pypi/salt@2019.2.8
purl pkg:pypi/salt@2019.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8
12
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
13
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
14
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2020-28243, PYSEC-2021-73
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2h9s-fgnc-1qeg
2
url VCID-3xs9-ym4e-fyag
vulnerability_id VCID-3xs9-ym4e-fyag
summary Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
references
0
reference_url https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key
reference_id
reference_type
scores
url https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key
1
reference_url http://www.openwall.com/lists/oss-security/2016/11/25/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/11/25/2
2
reference_url http://www.openwall.com/lists/oss-security/2016/11/25/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/11/25/3
3
reference_url http://www.securityfocus.com/bid/94553
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94553
fixed_packages
0
url pkg:pypi/salt@2015.8.11
purl pkg:pypi/salt@2015.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48tt-fe7z-ybfb
4
vulnerability VCID-58p2-6c4u-tybp
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8ghn-kbm9-sfas
10
vulnerability VCID-8mpz-ke16-fbej
11
vulnerability VCID-a8kw-uehx-xfg5
12
vulnerability VCID-ce2x-ehyk-nufk
13
vulnerability VCID-cubj-wrbp-1qbu
14
vulnerability VCID-e6kv-phwy-vfef
15
vulnerability VCID-e8qc-mktf-gyam
16
vulnerability VCID-gafc-bb59-9yhb
17
vulnerability VCID-h4tm-9wqz-1qge
18
vulnerability VCID-hgv6-czxs-cfbc
19
vulnerability VCID-j5th-837s-fkft
20
vulnerability VCID-jbea-m4ak-tqd7
21
vulnerability VCID-jyxg-h3a9-8ygv
22
vulnerability VCID-k1gu-khda-jyeb
23
vulnerability VCID-kapu-yvhn-ybhw
24
vulnerability VCID-mbpz-g2vs-tqc1
25
vulnerability VCID-neby-tsrt-ryg5
26
vulnerability VCID-nehw-r7zm-j7bb
27
vulnerability VCID-p4xa-ks7v-wbay
28
vulnerability VCID-qgqk-f1g2-7fbz
29
vulnerability VCID-reer-fk1f-tkbj
30
vulnerability VCID-saff-gz5j-8kex
31
vulnerability VCID-v43a-k2bg-wkbz
32
vulnerability VCID-w2qv-hbsf-xyfh
33
vulnerability VCID-xccs-pwhb-nuce
34
vulnerability VCID-znn9-qud3-wqat
35
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.11
aliases CVE-2016-9639, PYSEC-2017-34
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xs9-ym4e-fyag
3
url VCID-47u4-vdsp-c3ct
vulnerability_id VCID-47u4-vdsp-c3ct
summary An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.
references
0
reference_url https://github.com/advisories/GHSA-xf37-qcvf-7m57
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xf37-qcvf-7m57
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
4
reference_url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
fixed_packages
0
url pkg:pypi/salt@3003.3
purl pkg:pypi/salt@3003.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.3
aliases CVE-2021-22004, GHSA-xf37-qcvf-7m57, PYSEC-2021-346
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47u4-vdsp-c3ct
4
url VCID-48tt-fe7z-ybfb
vulnerability_id VCID-48tt-fe7z-ybfb
summary SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.
references
0
reference_url https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534
1
reference_url https://github.com/saltstack/salt/pull/51462
reference_id
reference_type
scores
url https://github.com/saltstack/salt/pull/51462
2
reference_url https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a
reference_id
reference_type
scores
url https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a
fixed_packages
0
url pkg:pypi/salt@2018.3.4
purl pkg:pypi/salt@2018.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-7mam-gwcp-8kdm
8
vulnerability VCID-8mpz-ke16-fbej
9
vulnerability VCID-a8kw-uehx-xfg5
10
vulnerability VCID-ce2x-ehyk-nufk
11
vulnerability VCID-cubj-wrbp-1qbu
12
vulnerability VCID-e8qc-mktf-gyam
13
vulnerability VCID-gafc-bb59-9yhb
14
vulnerability VCID-h4tm-9wqz-1qge
15
vulnerability VCID-j5th-837s-fkft
16
vulnerability VCID-jbea-m4ak-tqd7
17
vulnerability VCID-jyxg-h3a9-8ygv
18
vulnerability VCID-k1gu-khda-jyeb
19
vulnerability VCID-mbpz-g2vs-tqc1
20
vulnerability VCID-neby-tsrt-ryg5
21
vulnerability VCID-nehw-r7zm-j7bb
22
vulnerability VCID-p4xa-ks7v-wbay
23
vulnerability VCID-saff-gz5j-8kex
24
vulnerability VCID-v43a-k2bg-wkbz
25
vulnerability VCID-w2qv-hbsf-xyfh
26
vulnerability VCID-znn9-qud3-wqat
27
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2018.3.4
aliases CVE-2019-1010259, PYSEC-2019-119
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48tt-fe7z-ybfb
5
url VCID-58p2-6c4u-tybp
vulnerability_id VCID-58p2-6c4u-tybp
summary SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1500742
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1500742
3
reference_url https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
4
reference_url https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
5
reference_url https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
6
reference_url https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b
reference_id
reference_type
scores
url https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b
fixed_packages
0
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
1
url pkg:pypi/salt@2016.11.8
purl pkg:pypi/salt@2016.11.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8mpz-ke16-fbej
10
vulnerability VCID-a8kw-uehx-xfg5
11
vulnerability VCID-ce2x-ehyk-nufk
12
vulnerability VCID-cubj-wrbp-1qbu
13
vulnerability VCID-e6kv-phwy-vfef
14
vulnerability VCID-e8qc-mktf-gyam
15
vulnerability VCID-gafc-bb59-9yhb
16
vulnerability VCID-h4tm-9wqz-1qge
17
vulnerability VCID-j5th-837s-fkft
18
vulnerability VCID-jbea-m4ak-tqd7
19
vulnerability VCID-jyxg-h3a9-8ygv
20
vulnerability VCID-k1gu-khda-jyeb
21
vulnerability VCID-mbpz-g2vs-tqc1
22
vulnerability VCID-neby-tsrt-ryg5
23
vulnerability VCID-nehw-r7zm-j7bb
24
vulnerability VCID-p4xa-ks7v-wbay
25
vulnerability VCID-qgqk-f1g2-7fbz
26
vulnerability VCID-saff-gz5j-8kex
27
vulnerability VCID-v43a-k2bg-wkbz
28
vulnerability VCID-w2qv-hbsf-xyfh
29
vulnerability VCID-znn9-qud3-wqat
30
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.8
2
url pkg:pypi/salt@2017.7.2
purl pkg:pypi/salt@2017.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8mpz-ke16-fbej
10
vulnerability VCID-a8kw-uehx-xfg5
11
vulnerability VCID-ce2x-ehyk-nufk
12
vulnerability VCID-cubj-wrbp-1qbu
13
vulnerability VCID-e6kv-phwy-vfef
14
vulnerability VCID-e8qc-mktf-gyam
15
vulnerability VCID-gafc-bb59-9yhb
16
vulnerability VCID-h4tm-9wqz-1qge
17
vulnerability VCID-j5th-837s-fkft
18
vulnerability VCID-jbea-m4ak-tqd7
19
vulnerability VCID-jyxg-h3a9-8ygv
20
vulnerability VCID-k1gu-khda-jyeb
21
vulnerability VCID-mbpz-g2vs-tqc1
22
vulnerability VCID-neby-tsrt-ryg5
23
vulnerability VCID-nehw-r7zm-j7bb
24
vulnerability VCID-p4xa-ks7v-wbay
25
vulnerability VCID-qgqk-f1g2-7fbz
26
vulnerability VCID-saff-gz5j-8kex
27
vulnerability VCID-v43a-k2bg-wkbz
28
vulnerability VCID-w2qv-hbsf-xyfh
29
vulnerability VCID-znn9-qud3-wqat
30
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.2
aliases CVE-2017-14696, PYSEC-2017-37
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58p2-6c4u-tybp
6
url VCID-5hr1-5aec-43h3
vulnerability_id VCID-5hr1-5aec-43h3
summary An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
references
0
reference_url http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html
1
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
5
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
6
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.5
purl pkg:pypi/salt@2016.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-cubj-wrbp-1qbu
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-kapu-yvhn-ybhw
19
vulnerability VCID-nehw-r7zm-j7bb
20
vulnerability VCID-qgqk-f1g2-7fbz
21
vulnerability VCID-saff-gz5j-8kex
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.5
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
9
url pkg:pypi/salt@2019.2.0rc1
purl pkg:pypi/salt@2019.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e8qc-mktf-gyam
7
vulnerability VCID-gafc-bb59-9yhb
8
vulnerability VCID-h4tm-9wqz-1qge
9
vulnerability VCID-jyxg-h3a9-8ygv
10
vulnerability VCID-k1gu-khda-jyeb
11
vulnerability VCID-nehw-r7zm-j7bb
12
vulnerability VCID-saff-gz5j-8kex
13
vulnerability VCID-znn9-qud3-wqat
14
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1
10
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
11
url pkg:pypi/salt@2019.2.8
purl pkg:pypi/salt@2019.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8
12
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
13
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
14
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-25282, PYSEC-2021-51
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hr1-5aec-43h3
7
url VCID-5w26-jb3k-u3b7
vulnerability_id VCID-5w26-jb3k-u3b7
summary Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1222960
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1222960
1
reference_url https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-31.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-31.yaml
3
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
4
reference_url https://groups.google.com/forum/#!topic/salt-users/8Kv1bytGD6c
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/salt-users/8Kv1bytGD6c
5
reference_url http://www.openwall.com/lists/oss-security/2015/05/19/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2015/05/19/2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-4017
reference_id CVE-2015-4017
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-4017
7
reference_url https://github.com/advisories/GHSA-8j9g-c9rp-jvg4
reference_id GHSA-8j9g-c9rp-jvg4
reference_type
scores
url https://github.com/advisories/GHSA-8j9g-c9rp-jvg4
fixed_packages
0
url pkg:pypi/salt@2014.7.6
purl pkg:pypi/salt@2014.7.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-65p4-5x86-y3fj
8
vulnerability VCID-6cfw-9xe8-43d6
9
vulnerability VCID-7mam-gwcp-8kdm
10
vulnerability VCID-8ghn-kbm9-sfas
11
vulnerability VCID-8mpz-ke16-fbej
12
vulnerability VCID-a8kw-uehx-xfg5
13
vulnerability VCID-az3x-2atn-pqh4
14
vulnerability VCID-bxh1-y9mk-3ygg
15
vulnerability VCID-ce2x-ehyk-nufk
16
vulnerability VCID-cubj-wrbp-1qbu
17
vulnerability VCID-e6kv-phwy-vfef
18
vulnerability VCID-e8qc-mktf-gyam
19
vulnerability VCID-gafc-bb59-9yhb
20
vulnerability VCID-h4tm-9wqz-1qge
21
vulnerability VCID-hgv6-czxs-cfbc
22
vulnerability VCID-j5th-837s-fkft
23
vulnerability VCID-jbea-m4ak-tqd7
24
vulnerability VCID-jyxg-h3a9-8ygv
25
vulnerability VCID-k1gu-khda-jyeb
26
vulnerability VCID-kapu-yvhn-ybhw
27
vulnerability VCID-mbpz-g2vs-tqc1
28
vulnerability VCID-neby-tsrt-ryg5
29
vulnerability VCID-nehw-r7zm-j7bb
30
vulnerability VCID-p4xa-ks7v-wbay
31
vulnerability VCID-qgqk-f1g2-7fbz
32
vulnerability VCID-reer-fk1f-tkbj
33
vulnerability VCID-saff-gz5j-8kex
34
vulnerability VCID-v43a-k2bg-wkbz
35
vulnerability VCID-w2qv-hbsf-xyfh
36
vulnerability VCID-xccs-pwhb-nuce
37
vulnerability VCID-xfnm-yvm9-73az
38
vulnerability VCID-znn9-qud3-wqat
39
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2014.7.6
aliases CVE-2015-4017, GHSA-8j9g-c9rp-jvg4, PYSEC-2017-31
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5w26-jb3k-u3b7
8
url VCID-65p4-5x86-y3fj
vulnerability_id VCID-65p4-5x86-y3fj
summary An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
references
0
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.5
purl pkg:pypi/salt@2016.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-cubj-wrbp-1qbu
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-kapu-yvhn-ybhw
19
vulnerability VCID-nehw-r7zm-j7bb
20
vulnerability VCID-qgqk-f1g2-7fbz
21
vulnerability VCID-saff-gz5j-8kex
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.5
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
9
url pkg:pypi/salt@2019.2.0rc1
purl pkg:pypi/salt@2019.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e8qc-mktf-gyam
7
vulnerability VCID-gafc-bb59-9yhb
8
vulnerability VCID-h4tm-9wqz-1qge
9
vulnerability VCID-jyxg-h3a9-8ygv
10
vulnerability VCID-k1gu-khda-jyeb
11
vulnerability VCID-nehw-r7zm-j7bb
12
vulnerability VCID-saff-gz5j-8kex
13
vulnerability VCID-znn9-qud3-wqat
14
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1
10
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
11
url pkg:pypi/salt@2019.2.8
purl pkg:pypi/salt@2019.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8
12
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
13
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
14
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-25283, PYSEC-2021-52
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65p4-5x86-y3fj
9
url VCID-6cfw-9xe8-43d6
vulnerability_id VCID-6cfw-9xe8-43d6
summary In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
references
0
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
3
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
4
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.5
purl pkg:pypi/salt@2016.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-cubj-wrbp-1qbu
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-kapu-yvhn-ybhw
19
vulnerability VCID-nehw-r7zm-j7bb
20
vulnerability VCID-qgqk-f1g2-7fbz
21
vulnerability VCID-saff-gz5j-8kex
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.5
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
9
url pkg:pypi/salt@2019.2.0rc1
purl pkg:pypi/salt@2019.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e8qc-mktf-gyam
7
vulnerability VCID-gafc-bb59-9yhb
8
vulnerability VCID-h4tm-9wqz-1qge
9
vulnerability VCID-jyxg-h3a9-8ygv
10
vulnerability VCID-k1gu-khda-jyeb
11
vulnerability VCID-nehw-r7zm-j7bb
12
vulnerability VCID-saff-gz5j-8kex
13
vulnerability VCID-znn9-qud3-wqat
14
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1
10
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
11
url pkg:pypi/salt@2019.2.8
purl pkg:pypi/salt@2019.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8
12
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
13
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
14
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2020-35662, PYSEC-2021-75
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cfw-9xe8-43d6
10
url VCID-7mam-gwcp-8kdm
vulnerability_id VCID-7mam-gwcp-8kdm
summary An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
2
reference_url http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
3
reference_url http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
4
reference_url https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
5
reference_url https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
6
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
7
reference_url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
reference_id
reference_type
scores
url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
8
reference_url https://usn.ubuntu.com/4459-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4459-1/
9
reference_url https://www.debian.org/security/2020/dsa-4676
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4676
10
reference_url http://www.vmware.com/security/advisories/VMSA-2020-0009.html
reference_id
reference_type
scores
url http://www.vmware.com/security/advisories/VMSA-2020-0009.html
fixed_packages
0
url pkg:pypi/salt@2019.2.4
purl pkg:pypi/salt@2019.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-cubj-wrbp-1qbu
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-j5th-837s-fkft
13
vulnerability VCID-jbea-m4ak-tqd7
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.4
1
url pkg:pypi/salt@3000.2
purl pkg:pypi/salt@3000.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-cubj-wrbp-1qbu
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-j5th-837s-fkft
13
vulnerability VCID-jbea-m4ak-tqd7
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.2
aliases CVE-2020-11651, PYSEC-2020-102
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7mam-gwcp-8kdm
11
url VCID-8ghn-kbm9-sfas
vulnerability_id VCID-8ghn-kbm9-sfas
summary In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
references
0
reference_url https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2018-50.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2018-50.yaml
2
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7893
reference_id CVE-2017-7893
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7893
4
reference_url https://github.com/advisories/GHSA-g283-88v5-rmq2
reference_id GHSA-g283-88v5-rmq2
reference_type
scores
url https://github.com/advisories/GHSA-g283-88v5-rmq2
fixed_packages
0
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
aliases CVE-2017-7893, GHSA-g283-88v5-rmq2, PYSEC-2018-50
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ghn-kbm9-sfas
12
url VCID-8jkp-8ngh-9bcd
vulnerability_id VCID-8jkp-8ngh-9bcd
summary Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
references
0
reference_url http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
reference_id
reference_type
scores
url http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
1
reference_url http://seclists.org/oss-sec/2014/q3/428
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2014/q3/428
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/95392
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/95392
3
reference_url http://www.securityfocus.com/bid/69319
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/69319
fixed_packages
0
url pkg:pypi/salt@2014.1.10
purl pkg:pypi/salt@2014.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-5w26-jb3k-u3b7
8
vulnerability VCID-65p4-5x86-y3fj
9
vulnerability VCID-6cfw-9xe8-43d6
10
vulnerability VCID-7mam-gwcp-8kdm
11
vulnerability VCID-8ghn-kbm9-sfas
12
vulnerability VCID-8mpz-ke16-fbej
13
vulnerability VCID-a8kw-uehx-xfg5
14
vulnerability VCID-az3x-2atn-pqh4
15
vulnerability VCID-bxh1-y9mk-3ygg
16
vulnerability VCID-ce2x-ehyk-nufk
17
vulnerability VCID-cubj-wrbp-1qbu
18
vulnerability VCID-e6kv-phwy-vfef
19
vulnerability VCID-e8qc-mktf-gyam
20
vulnerability VCID-gafc-bb59-9yhb
21
vulnerability VCID-h4tm-9wqz-1qge
22
vulnerability VCID-hgv6-czxs-cfbc
23
vulnerability VCID-j5th-837s-fkft
24
vulnerability VCID-jbea-m4ak-tqd7
25
vulnerability VCID-jyxg-h3a9-8ygv
26
vulnerability VCID-k1gu-khda-jyeb
27
vulnerability VCID-kapu-yvhn-ybhw
28
vulnerability VCID-mbpz-g2vs-tqc1
29
vulnerability VCID-neby-tsrt-ryg5
30
vulnerability VCID-nehw-r7zm-j7bb
31
vulnerability VCID-p4xa-ks7v-wbay
32
vulnerability VCID-qgqk-f1g2-7fbz
33
vulnerability VCID-reer-fk1f-tkbj
34
vulnerability VCID-saff-gz5j-8kex
35
vulnerability VCID-u5sa-wp1e-wyhg
36
vulnerability VCID-v345-m7e1-aue2
37
vulnerability VCID-v43a-k2bg-wkbz
38
vulnerability VCID-w2qv-hbsf-xyfh
39
vulnerability VCID-xccs-pwhb-nuce
40
vulnerability VCID-xfnm-yvm9-73az
41
vulnerability VCID-znn9-qud3-wqat
42
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2014.1.10
aliases CVE-2014-3563, PYSEC-2014-18
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jkp-8ngh-9bcd
13
url VCID-8mpz-ke16-fbej
vulnerability_id VCID-8mpz-ke16-fbej
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-172.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-172.yaml
1
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
2
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
3
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L31
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L31
4
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L29
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L29
5
reference_url https://github.com/saltstack/salt/releases,
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases,
6
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
7
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release
8
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/,
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/,
9
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202310-22
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22935
reference_id CVE-2022-22935
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22935
11
reference_url https://github.com/advisories/GHSA-cvcc-5x92-gmhc
reference_id GHSA-cvcc-5x92-gmhc
reference_type
scores
url https://github.com/advisories/GHSA-cvcc-5x92-gmhc
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-a8kw-uehx-xfg5
3
vulnerability VCID-ce2x-ehyk-nufk
4
vulnerability VCID-h4tm-9wqz-1qge
5
vulnerability VCID-nehw-r7zm-j7bb
6
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22935, GHSA-cvcc-5x92-gmhc, PYSEC-2022-172
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mpz-ke16-fbej
14
url VCID-a8kw-uehx-xfg5
vulnerability_id VCID-a8kw-uehx-xfg5
summary An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
references
0
reference_url https://github.com/advisories/GHSA-pf7h-h2wq-m7pg
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-pf7h-h2wq-m7pg
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-318.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-318.yaml
2
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html
3
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
7
reference_url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
8
reference_url https://www.debian.org/security/2021/dsa-5011
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-5011
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21996
reference_id CVE-2021-21996
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-21996
fixed_packages
0
url pkg:pypi/salt@3003.3
purl pkg:pypi/salt@3003.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.3
aliases CVE-2021-21996, GHSA-pf7h-h2wq-m7pg, PYSEC-2021-318
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8kw-uehx-xfg5
15
url VCID-az3x-2atn-pqh4
vulnerability_id VCID-az3x-2atn-pqh4
summary The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
references
0
reference_url https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html
1
reference_url http://www.securityfocus.com/bid/96390
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96390
fixed_packages
0
url pkg:pypi/salt@2015.8.3
purl pkg:pypi/salt@2015.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-65p4-5x86-y3fj
8
vulnerability VCID-6cfw-9xe8-43d6
9
vulnerability VCID-7mam-gwcp-8kdm
10
vulnerability VCID-8ghn-kbm9-sfas
11
vulnerability VCID-8mpz-ke16-fbej
12
vulnerability VCID-a8kw-uehx-xfg5
13
vulnerability VCID-ac31-t3u6-cfap
14
vulnerability VCID-bxh1-y9mk-3ygg
15
vulnerability VCID-ce2x-ehyk-nufk
16
vulnerability VCID-cubj-wrbp-1qbu
17
vulnerability VCID-e6kv-phwy-vfef
18
vulnerability VCID-e8qc-mktf-gyam
19
vulnerability VCID-gafc-bb59-9yhb
20
vulnerability VCID-h4tm-9wqz-1qge
21
vulnerability VCID-hgv6-czxs-cfbc
22
vulnerability VCID-j5th-837s-fkft
23
vulnerability VCID-jbea-m4ak-tqd7
24
vulnerability VCID-jyxg-h3a9-8ygv
25
vulnerability VCID-k1gu-khda-jyeb
26
vulnerability VCID-kapu-yvhn-ybhw
27
vulnerability VCID-mbpz-g2vs-tqc1
28
vulnerability VCID-neby-tsrt-ryg5
29
vulnerability VCID-nehw-r7zm-j7bb
30
vulnerability VCID-p4xa-ks7v-wbay
31
vulnerability VCID-qgqk-f1g2-7fbz
32
vulnerability VCID-reer-fk1f-tkbj
33
vulnerability VCID-saff-gz5j-8kex
34
vulnerability VCID-v43a-k2bg-wkbz
35
vulnerability VCID-w2qv-hbsf-xyfh
36
vulnerability VCID-xccs-pwhb-nuce
37
vulnerability VCID-znn9-qud3-wqat
38
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.3
aliases CVE-2015-8034, PYSEC-2017-32
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-az3x-2atn-pqh4
16
url VCID-bxh1-y9mk-3ygg
vulnerability_id VCID-bxh1-y9mk-3ygg
summary Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
references
0
reference_url https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html
1
reference_url https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html
fixed_packages
0
url pkg:pypi/salt@2015.5.10
purl pkg:pypi/salt@2015.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-65p4-5x86-y3fj
8
vulnerability VCID-6cfw-9xe8-43d6
9
vulnerability VCID-7mam-gwcp-8kdm
10
vulnerability VCID-8ghn-kbm9-sfas
11
vulnerability VCID-8mpz-ke16-fbej
12
vulnerability VCID-a8kw-uehx-xfg5
13
vulnerability VCID-az3x-2atn-pqh4
14
vulnerability VCID-ce2x-ehyk-nufk
15
vulnerability VCID-cubj-wrbp-1qbu
16
vulnerability VCID-e6kv-phwy-vfef
17
vulnerability VCID-e8qc-mktf-gyam
18
vulnerability VCID-gafc-bb59-9yhb
19
vulnerability VCID-h4tm-9wqz-1qge
20
vulnerability VCID-hgv6-czxs-cfbc
21
vulnerability VCID-j5th-837s-fkft
22
vulnerability VCID-jbea-m4ak-tqd7
23
vulnerability VCID-jyxg-h3a9-8ygv
24
vulnerability VCID-k1gu-khda-jyeb
25
vulnerability VCID-kapu-yvhn-ybhw
26
vulnerability VCID-mbpz-g2vs-tqc1
27
vulnerability VCID-neby-tsrt-ryg5
28
vulnerability VCID-nehw-r7zm-j7bb
29
vulnerability VCID-p4xa-ks7v-wbay
30
vulnerability VCID-qgqk-f1g2-7fbz
31
vulnerability VCID-reer-fk1f-tkbj
32
vulnerability VCID-saff-gz5j-8kex
33
vulnerability VCID-v43a-k2bg-wkbz
34
vulnerability VCID-w2qv-hbsf-xyfh
35
vulnerability VCID-xccs-pwhb-nuce
36
vulnerability VCID-znn9-qud3-wqat
37
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.5.10
1
url pkg:pypi/salt@2015.8.8
purl pkg:pypi/salt@2015.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-65p4-5x86-y3fj
8
vulnerability VCID-6cfw-9xe8-43d6
9
vulnerability VCID-7mam-gwcp-8kdm
10
vulnerability VCID-8ghn-kbm9-sfas
11
vulnerability VCID-8mpz-ke16-fbej
12
vulnerability VCID-a8kw-uehx-xfg5
13
vulnerability VCID-ce2x-ehyk-nufk
14
vulnerability VCID-cubj-wrbp-1qbu
15
vulnerability VCID-e6kv-phwy-vfef
16
vulnerability VCID-e8qc-mktf-gyam
17
vulnerability VCID-gafc-bb59-9yhb
18
vulnerability VCID-h4tm-9wqz-1qge
19
vulnerability VCID-hgv6-czxs-cfbc
20
vulnerability VCID-j5th-837s-fkft
21
vulnerability VCID-jbea-m4ak-tqd7
22
vulnerability VCID-jyxg-h3a9-8ygv
23
vulnerability VCID-k1gu-khda-jyeb
24
vulnerability VCID-kapu-yvhn-ybhw
25
vulnerability VCID-mbpz-g2vs-tqc1
26
vulnerability VCID-neby-tsrt-ryg5
27
vulnerability VCID-nehw-r7zm-j7bb
28
vulnerability VCID-p4xa-ks7v-wbay
29
vulnerability VCID-qgqk-f1g2-7fbz
30
vulnerability VCID-reer-fk1f-tkbj
31
vulnerability VCID-saff-gz5j-8kex
32
vulnerability VCID-v43a-k2bg-wkbz
33
vulnerability VCID-w2qv-hbsf-xyfh
34
vulnerability VCID-xccs-pwhb-nuce
35
vulnerability VCID-znn9-qud3-wqat
36
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.8
aliases CVE-2016-3176, PYSEC-2017-33
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bxh1-y9mk-3ygg
17
url VCID-byz4-ynsr-kbec
vulnerability_id VCID-byz4-ynsr-kbec
summary Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
references
0
reference_url http://docs.saltstack.com/topics/releases/0.17.1.html
reference_id
reference_type
scores
url http://docs.saltstack.com/topics/releases/0.17.1.html
1
reference_url https://github.com/advisories/GHSA-jmv9-5gx8-7xpf
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-jmv9-5gx8-7xpf
2
reference_url https://github.com/saltstack/salt/pull/7356
reference_id
reference_type
scores
url https://github.com/saltstack/salt/pull/7356
3
reference_url http://www.openwall.com/lists/oss-security/2013/10/18/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/10/18/3
fixed_packages
0
url pkg:pypi/salt@0.17.1
purl pkg:pypi/salt@0.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-5w26-jb3k-u3b7
8
vulnerability VCID-65p4-5x86-y3fj
9
vulnerability VCID-6cfw-9xe8-43d6
10
vulnerability VCID-7mam-gwcp-8kdm
11
vulnerability VCID-8ghn-kbm9-sfas
12
vulnerability VCID-8jkp-8ngh-9bcd
13
vulnerability VCID-8mpz-ke16-fbej
14
vulnerability VCID-a8kw-uehx-xfg5
15
vulnerability VCID-az3x-2atn-pqh4
16
vulnerability VCID-bxh1-y9mk-3ygg
17
vulnerability VCID-ce2x-ehyk-nufk
18
vulnerability VCID-cubj-wrbp-1qbu
19
vulnerability VCID-e6kv-phwy-vfef
20
vulnerability VCID-e8qc-mktf-gyam
21
vulnerability VCID-gafc-bb59-9yhb
22
vulnerability VCID-h4tm-9wqz-1qge
23
vulnerability VCID-hgv6-czxs-cfbc
24
vulnerability VCID-j5th-837s-fkft
25
vulnerability VCID-jbea-m4ak-tqd7
26
vulnerability VCID-jyxg-h3a9-8ygv
27
vulnerability VCID-k1gu-khda-jyeb
28
vulnerability VCID-kapu-yvhn-ybhw
29
vulnerability VCID-mbpz-g2vs-tqc1
30
vulnerability VCID-neby-tsrt-ryg5
31
vulnerability VCID-nehw-r7zm-j7bb
32
vulnerability VCID-p4xa-ks7v-wbay
33
vulnerability VCID-qgqk-f1g2-7fbz
34
vulnerability VCID-reer-fk1f-tkbj
35
vulnerability VCID-saff-gz5j-8kex
36
vulnerability VCID-u5sa-wp1e-wyhg
37
vulnerability VCID-v345-m7e1-aue2
38
vulnerability VCID-v43a-k2bg-wkbz
39
vulnerability VCID-w2qv-hbsf-xyfh
40
vulnerability VCID-xccs-pwhb-nuce
41
vulnerability VCID-xfnm-yvm9-73az
42
vulnerability VCID-znn9-qud3-wqat
43
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@0.17.1
aliases CVE-2013-4439, GHSA-jmv9-5gx8-7xpf, PYSEC-2013-14
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-byz4-ynsr-kbec
18
url VCID-ce2x-ehyk-nufk
vulnerability_id VCID-ce2x-ehyk-nufk
summary Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-169.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-169.yaml
1
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
3
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory
reference_id
reference_type
scores
url https://saltproject.io/security-announcements/2023-08-10-advisory
4
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory/
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://saltproject.io/security-announcements/2023-08-10-advisory/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-20898
reference_id CVE-2023-20898
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-20898
6
reference_url https://github.com/advisories/GHSA-qvh6-3j7x-3hq7
reference_id GHSA-qvh6-3j7x-3hq7
reference_type
scores
url https://github.com/advisories/GHSA-qvh6-3j7x-3hq7
fixed_packages
0
url pkg:pypi/salt@3005.2
purl pkg:pypi/salt@3005.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.2
1
url pkg:pypi/salt@3006.2
purl pkg:pypi/salt@3006.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.2
aliases CVE-2023-20898, GHSA-qvh6-3j7x-3hq7, PYSEC-2023-169
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ce2x-ehyk-nufk
19
url VCID-cubj-wrbp-1qbu
vulnerability_id VCID-cubj-wrbp-1qbu
summary An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
1
reference_url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
2
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
3
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
5
reference_url https://security.gentoo.org/glsa/202011-13
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202011-13
6
reference_url https://www.debian.org/security/2021/dsa-4837
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4837
7
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
reference_id
reference_type
scores
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
8
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1379/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-20-1379/
9
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1380/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-20-1380/
10
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1381/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-20-1381/
11
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1382/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-20-1382/
12
reference_url https://www.zerodayinitiative.com/advisories/ZDI-20-1383/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-20-1383/
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.6
purl pkg:pypi/salt@2016.11.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.6
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.4
purl pkg:pypi/salt@2017.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8mpz-ke16-fbej
10
vulnerability VCID-a8kw-uehx-xfg5
11
vulnerability VCID-ce2x-ehyk-nufk
12
vulnerability VCID-e6kv-phwy-vfef
13
vulnerability VCID-e8qc-mktf-gyam
14
vulnerability VCID-gafc-bb59-9yhb
15
vulnerability VCID-h4tm-9wqz-1qge
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-mbpz-g2vs-tqc1
19
vulnerability VCID-neby-tsrt-ryg5
20
vulnerability VCID-nehw-r7zm-j7bb
21
vulnerability VCID-p4xa-ks7v-wbay
22
vulnerability VCID-qgqk-f1g2-7fbz
23
vulnerability VCID-saff-gz5j-8kex
24
vulnerability VCID-v43a-k2bg-wkbz
25
vulnerability VCID-w2qv-hbsf-xyfh
26
vulnerability VCID-znn9-qud3-wqat
27
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.4
9
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
10
url pkg:pypi/salt@2018.3.5
purl pkg:pypi/salt@2018.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-7mam-gwcp-8kdm
8
vulnerability VCID-8mpz-ke16-fbej
9
vulnerability VCID-a8kw-uehx-xfg5
10
vulnerability VCID-ce2x-ehyk-nufk
11
vulnerability VCID-e8qc-mktf-gyam
12
vulnerability VCID-gafc-bb59-9yhb
13
vulnerability VCID-h4tm-9wqz-1qge
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2018.3.5
11
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
12
url pkg:pypi/salt@3000.3
purl pkg:pypi/salt@3000.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-mbpz-g2vs-tqc1
14
vulnerability VCID-neby-tsrt-ryg5
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-p4xa-ks7v-wbay
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-v43a-k2bg-wkbz
19
vulnerability VCID-w2qv-hbsf-xyfh
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.3
aliases CVE-2020-16846, PYSEC-2020-104
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cubj-wrbp-1qbu
20
url VCID-e6kv-phwy-vfef
vulnerability_id VCID-e6kv-phwy-vfef
summary SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
1
reference_url https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
2
reference_url https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2018-30.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2018-30.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2016.11.10.rst#L13
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2016.11.10.rst#L13
6
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2017.7.8.rst#L26
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2017.7.8.rst#L26
7
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2018.3.3.rst#L56
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2018.3.3.rst#L56
8
reference_url https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ
reference_id
reference_type
scores
url https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ
9
reference_url https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ
reference_id
reference_type
scores
url https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ
10
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html
11
reference_url https://usn.ubuntu.com/4459-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4459-1
12
reference_url https://usn.ubuntu.com/4459-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4459-1/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-15751
reference_id CVE-2018-15751
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-15751
14
reference_url https://github.com/advisories/GHSA-x549-r7m8-gv63
reference_id GHSA-x549-r7m8-gv63
reference_type
scores
url https://github.com/advisories/GHSA-x549-r7m8-gv63
fixed_packages
0
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
1
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
2
url pkg:pypi/salt@2018.3.3
purl pkg:pypi/salt@2018.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8mpz-ke16-fbej
10
vulnerability VCID-a8kw-uehx-xfg5
11
vulnerability VCID-ce2x-ehyk-nufk
12
vulnerability VCID-cubj-wrbp-1qbu
13
vulnerability VCID-e8qc-mktf-gyam
14
vulnerability VCID-gafc-bb59-9yhb
15
vulnerability VCID-h4tm-9wqz-1qge
16
vulnerability VCID-j5th-837s-fkft
17
vulnerability VCID-jbea-m4ak-tqd7
18
vulnerability VCID-jyxg-h3a9-8ygv
19
vulnerability VCID-k1gu-khda-jyeb
20
vulnerability VCID-mbpz-g2vs-tqc1
21
vulnerability VCID-neby-tsrt-ryg5
22
vulnerability VCID-nehw-r7zm-j7bb
23
vulnerability VCID-p4xa-ks7v-wbay
24
vulnerability VCID-saff-gz5j-8kex
25
vulnerability VCID-v43a-k2bg-wkbz
26
vulnerability VCID-w2qv-hbsf-xyfh
27
vulnerability VCID-znn9-qud3-wqat
28
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2018.3.3
aliases CVE-2018-15751, GHSA-x549-r7m8-gv63, PYSEC-2018-30
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6kv-phwy-vfef
21
url VCID-e8qc-mktf-gyam
vulnerability_id VCID-e8qc-mktf-gyam
summary In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html
1
reference_url https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html#security-fix
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html#security-fix
2
reference_url https://github.com/saltstack/salt/commits/master
reference_id
reference_type
scores
url https://github.com/saltstack/salt/commits/master
3
reference_url https://usn.ubuntu.com/4459-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4459-1/
4
reference_url https://www.debian.org/security/2020/dsa-4676
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4676
fixed_packages
0
url pkg:pypi/salt@2019.2.1
purl pkg:pypi/salt@2019.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-7mam-gwcp-8kdm
8
vulnerability VCID-8mpz-ke16-fbej
9
vulnerability VCID-a8kw-uehx-xfg5
10
vulnerability VCID-ce2x-ehyk-nufk
11
vulnerability VCID-cubj-wrbp-1qbu
12
vulnerability VCID-gafc-bb59-9yhb
13
vulnerability VCID-h4tm-9wqz-1qge
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-mbpz-g2vs-tqc1
19
vulnerability VCID-neby-tsrt-ryg5
20
vulnerability VCID-nehw-r7zm-j7bb
21
vulnerability VCID-p4xa-ks7v-wbay
22
vulnerability VCID-saff-gz5j-8kex
23
vulnerability VCID-v43a-k2bg-wkbz
24
vulnerability VCID-w2qv-hbsf-xyfh
25
vulnerability VCID-znn9-qud3-wqat
26
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.1
aliases CVE-2019-17361, PYSEC-2020-177
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8qc-mktf-gyam
22
url VCID-ew62-nxq6-fudr
vulnerability_id VCID-ew62-nxq6-fudr
summary The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
references
0
reference_url http://docs.saltstack.com/topics/releases/0.17.1.html
reference_id
reference_type
scores
url http://docs.saltstack.com/topics/releases/0.17.1.html
fixed_packages
0
url pkg:pypi/salt@0.17.1
purl pkg:pypi/salt@0.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-5w26-jb3k-u3b7
8
vulnerability VCID-65p4-5x86-y3fj
9
vulnerability VCID-6cfw-9xe8-43d6
10
vulnerability VCID-7mam-gwcp-8kdm
11
vulnerability VCID-8ghn-kbm9-sfas
12
vulnerability VCID-8jkp-8ngh-9bcd
13
vulnerability VCID-8mpz-ke16-fbej
14
vulnerability VCID-a8kw-uehx-xfg5
15
vulnerability VCID-az3x-2atn-pqh4
16
vulnerability VCID-bxh1-y9mk-3ygg
17
vulnerability VCID-ce2x-ehyk-nufk
18
vulnerability VCID-cubj-wrbp-1qbu
19
vulnerability VCID-e6kv-phwy-vfef
20
vulnerability VCID-e8qc-mktf-gyam
21
vulnerability VCID-gafc-bb59-9yhb
22
vulnerability VCID-h4tm-9wqz-1qge
23
vulnerability VCID-hgv6-czxs-cfbc
24
vulnerability VCID-j5th-837s-fkft
25
vulnerability VCID-jbea-m4ak-tqd7
26
vulnerability VCID-jyxg-h3a9-8ygv
27
vulnerability VCID-k1gu-khda-jyeb
28
vulnerability VCID-kapu-yvhn-ybhw
29
vulnerability VCID-mbpz-g2vs-tqc1
30
vulnerability VCID-neby-tsrt-ryg5
31
vulnerability VCID-nehw-r7zm-j7bb
32
vulnerability VCID-p4xa-ks7v-wbay
33
vulnerability VCID-qgqk-f1g2-7fbz
34
vulnerability VCID-reer-fk1f-tkbj
35
vulnerability VCID-saff-gz5j-8kex
36
vulnerability VCID-u5sa-wp1e-wyhg
37
vulnerability VCID-v345-m7e1-aue2
38
vulnerability VCID-v43a-k2bg-wkbz
39
vulnerability VCID-w2qv-hbsf-xyfh
40
vulnerability VCID-xccs-pwhb-nuce
41
vulnerability VCID-xfnm-yvm9-73az
42
vulnerability VCID-znn9-qud3-wqat
43
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@0.17.1
aliases CVE-2013-6617, PYSEC-2013-15
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ew62-nxq6-fudr
23
url VCID-gafc-bb59-9yhb
vulnerability_id VCID-gafc-bb59-9yhb
summary An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
2
reference_url http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
3
reference_url http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html
4
reference_url https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
5
reference_url https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
6
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html
7
reference_url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
reference_id
reference_type
scores
url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
8
reference_url http://support.blackberry.com/kb/articleDetail?articleNumber=000063758
reference_id
reference_type
scores
url http://support.blackberry.com/kb/articleDetail?articleNumber=000063758
9
reference_url https://usn.ubuntu.com/4459-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4459-1/
10
reference_url https://www.debian.org/security/2020/dsa-4676
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4676
11
reference_url http://www.vmware.com/security/advisories/VMSA-2020-0009.html
reference_id
reference_type
scores
url http://www.vmware.com/security/advisories/VMSA-2020-0009.html
fixed_packages
0
url pkg:pypi/salt@2019.2.4
purl pkg:pypi/salt@2019.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-cubj-wrbp-1qbu
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-j5th-837s-fkft
13
vulnerability VCID-jbea-m4ak-tqd7
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.4
1
url pkg:pypi/salt@3000.2
purl pkg:pypi/salt@3000.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-cubj-wrbp-1qbu
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-j5th-837s-fkft
13
vulnerability VCID-jbea-m4ak-tqd7
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.2
aliases CVE-2020-11652, PYSEC-2020-103
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gafc-bb59-9yhb
24
url VCID-h4tm-9wqz-1qge
vulnerability_id VCID-h4tm-9wqz-1qge
summary An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
references
0
reference_url https://github.com/advisories/GHSA-fpxm-fprw-6hxj
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-fpxm-fprw-6hxj
1
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
2
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,
fixed_packages
0
url pkg:pypi/salt@3002.9
purl pkg:pypi/salt@3002.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-a8kw-uehx-xfg5
3
vulnerability VCID-ce2x-ehyk-nufk
4
vulnerability VCID-nehw-r7zm-j7bb
5
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.9
aliases CVE-2022-22967, GHSA-fpxm-fprw-6hxj, PYSEC-2022-210
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4tm-9wqz-1qge
25
url VCID-hgv6-czxs-cfbc
vulnerability_id VCID-hgv6-czxs-cfbc
summary Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
references
0
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1482006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1482006
2
reference_url https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
3
reference_url https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
4
reference_url https://github.com/saltstack/salt/pull/42944
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/saltstack/salt/pull/42944
5
reference_url http://www.securityfocus.com/bid/100384
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.securityfocus.com/bid/100384
fixed_packages
0
url pkg:pypi/salt@2016.11.7
purl pkg:pypi/salt@2016.11.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-65p4-5x86-y3fj
8
vulnerability VCID-6cfw-9xe8-43d6
9
vulnerability VCID-7mam-gwcp-8kdm
10
vulnerability VCID-8mpz-ke16-fbej
11
vulnerability VCID-a8kw-uehx-xfg5
12
vulnerability VCID-ce2x-ehyk-nufk
13
vulnerability VCID-cubj-wrbp-1qbu
14
vulnerability VCID-e6kv-phwy-vfef
15
vulnerability VCID-e8qc-mktf-gyam
16
vulnerability VCID-gafc-bb59-9yhb
17
vulnerability VCID-h4tm-9wqz-1qge
18
vulnerability VCID-j5th-837s-fkft
19
vulnerability VCID-jbea-m4ak-tqd7
20
vulnerability VCID-jyxg-h3a9-8ygv
21
vulnerability VCID-k1gu-khda-jyeb
22
vulnerability VCID-kapu-yvhn-ybhw
23
vulnerability VCID-mbpz-g2vs-tqc1
24
vulnerability VCID-neby-tsrt-ryg5
25
vulnerability VCID-nehw-r7zm-j7bb
26
vulnerability VCID-p4xa-ks7v-wbay
27
vulnerability VCID-qgqk-f1g2-7fbz
28
vulnerability VCID-saff-gz5j-8kex
29
vulnerability VCID-v43a-k2bg-wkbz
30
vulnerability VCID-w2qv-hbsf-xyfh
31
vulnerability VCID-znn9-qud3-wqat
32
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.7
1
url pkg:pypi/salt@2017.7.1
purl pkg:pypi/salt@2017.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-65p4-5x86-y3fj
8
vulnerability VCID-6cfw-9xe8-43d6
9
vulnerability VCID-7mam-gwcp-8kdm
10
vulnerability VCID-8mpz-ke16-fbej
11
vulnerability VCID-a8kw-uehx-xfg5
12
vulnerability VCID-ce2x-ehyk-nufk
13
vulnerability VCID-cubj-wrbp-1qbu
14
vulnerability VCID-e6kv-phwy-vfef
15
vulnerability VCID-e8qc-mktf-gyam
16
vulnerability VCID-gafc-bb59-9yhb
17
vulnerability VCID-h4tm-9wqz-1qge
18
vulnerability VCID-j5th-837s-fkft
19
vulnerability VCID-jbea-m4ak-tqd7
20
vulnerability VCID-jyxg-h3a9-8ygv
21
vulnerability VCID-k1gu-khda-jyeb
22
vulnerability VCID-kapu-yvhn-ybhw
23
vulnerability VCID-mbpz-g2vs-tqc1
24
vulnerability VCID-neby-tsrt-ryg5
25
vulnerability VCID-nehw-r7zm-j7bb
26
vulnerability VCID-p4xa-ks7v-wbay
27
vulnerability VCID-qgqk-f1g2-7fbz
28
vulnerability VCID-saff-gz5j-8kex
29
vulnerability VCID-v43a-k2bg-wkbz
30
vulnerability VCID-w2qv-hbsf-xyfh
31
vulnerability VCID-znn9-qud3-wqat
32
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.1
aliases CVE-2017-12791, PYSEC-2017-151, PYSEC-2017-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgv6-czxs-cfbc
26
url VCID-j5th-837s-fkft
vulnerability_id VCID-j5th-837s-fkft
summary In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
1
reference_url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
2
reference_url https://docs.saltstack.com/en/latest/topics/releases/index.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/index.html
3
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
5
reference_url https://security.gentoo.org/glsa/202011-13
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202011-13
6
reference_url https://www.debian.org/security/2021/dsa-4837
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4837
7
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
reference_id
reference_type
scores
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.6
purl pkg:pypi/salt@2016.11.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.6
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.4
purl pkg:pypi/salt@2017.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8mpz-ke16-fbej
10
vulnerability VCID-a8kw-uehx-xfg5
11
vulnerability VCID-ce2x-ehyk-nufk
12
vulnerability VCID-e6kv-phwy-vfef
13
vulnerability VCID-e8qc-mktf-gyam
14
vulnerability VCID-gafc-bb59-9yhb
15
vulnerability VCID-h4tm-9wqz-1qge
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-mbpz-g2vs-tqc1
19
vulnerability VCID-neby-tsrt-ryg5
20
vulnerability VCID-nehw-r7zm-j7bb
21
vulnerability VCID-p4xa-ks7v-wbay
22
vulnerability VCID-qgqk-f1g2-7fbz
23
vulnerability VCID-saff-gz5j-8kex
24
vulnerability VCID-v43a-k2bg-wkbz
25
vulnerability VCID-w2qv-hbsf-xyfh
26
vulnerability VCID-znn9-qud3-wqat
27
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.4
9
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
10
url pkg:pypi/salt@2018.3.5
purl pkg:pypi/salt@2018.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-7mam-gwcp-8kdm
8
vulnerability VCID-8mpz-ke16-fbej
9
vulnerability VCID-a8kw-uehx-xfg5
10
vulnerability VCID-ce2x-ehyk-nufk
11
vulnerability VCID-e8qc-mktf-gyam
12
vulnerability VCID-gafc-bb59-9yhb
13
vulnerability VCID-h4tm-9wqz-1qge
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2018.3.5
11
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
12
url pkg:pypi/salt@3000.3
purl pkg:pypi/salt@3000.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-mbpz-g2vs-tqc1
14
vulnerability VCID-neby-tsrt-ryg5
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-p4xa-ks7v-wbay
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-v43a-k2bg-wkbz
19
vulnerability VCID-w2qv-hbsf-xyfh
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.3
aliases CVE-2020-25592, PYSEC-2020-106
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j5th-837s-fkft
27
url VCID-jbea-m4ak-tqd7
vulnerability_id VCID-jbea-m4ak-tqd7
summary The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
1
reference_url https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release
2
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
4
reference_url https://security.gentoo.org/glsa/202011-13
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202011-13
5
reference_url https://www.debian.org/security/2021/dsa-4837
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4837
6
reference_url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
reference_id
reference_type
scores
url https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.6
purl pkg:pypi/salt@2016.11.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.6
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.4
purl pkg:pypi/salt@2017.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8mpz-ke16-fbej
10
vulnerability VCID-a8kw-uehx-xfg5
11
vulnerability VCID-ce2x-ehyk-nufk
12
vulnerability VCID-e6kv-phwy-vfef
13
vulnerability VCID-e8qc-mktf-gyam
14
vulnerability VCID-gafc-bb59-9yhb
15
vulnerability VCID-h4tm-9wqz-1qge
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-mbpz-g2vs-tqc1
19
vulnerability VCID-neby-tsrt-ryg5
20
vulnerability VCID-nehw-r7zm-j7bb
21
vulnerability VCID-p4xa-ks7v-wbay
22
vulnerability VCID-qgqk-f1g2-7fbz
23
vulnerability VCID-saff-gz5j-8kex
24
vulnerability VCID-v43a-k2bg-wkbz
25
vulnerability VCID-w2qv-hbsf-xyfh
26
vulnerability VCID-znn9-qud3-wqat
27
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.4
9
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
10
url pkg:pypi/salt@2018.3.5
purl pkg:pypi/salt@2018.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-7mam-gwcp-8kdm
8
vulnerability VCID-8mpz-ke16-fbej
9
vulnerability VCID-a8kw-uehx-xfg5
10
vulnerability VCID-ce2x-ehyk-nufk
11
vulnerability VCID-e8qc-mktf-gyam
12
vulnerability VCID-gafc-bb59-9yhb
13
vulnerability VCID-h4tm-9wqz-1qge
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-mbpz-g2vs-tqc1
17
vulnerability VCID-neby-tsrt-ryg5
18
vulnerability VCID-nehw-r7zm-j7bb
19
vulnerability VCID-p4xa-ks7v-wbay
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-v43a-k2bg-wkbz
22
vulnerability VCID-w2qv-hbsf-xyfh
23
vulnerability VCID-znn9-qud3-wqat
24
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2018.3.5
11
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
12
url pkg:pypi/salt@3000.3
purl pkg:pypi/salt@3000.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-mbpz-g2vs-tqc1
14
vulnerability VCID-neby-tsrt-ryg5
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-p4xa-ks7v-wbay
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-v43a-k2bg-wkbz
19
vulnerability VCID-w2qv-hbsf-xyfh
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.3
aliases CVE-2020-17490, PYSEC-2020-105
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbea-m4ak-tqd7
28
url VCID-jyxg-h3a9-8ygv
vulnerability_id VCID-jyxg-h3a9-8ygv
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-174.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-174.yaml
1
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
2
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
3
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
4
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
5
reference_url https://github.com/saltstack/salt/releases,
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases,
6
reference_url https://repo.saltproject.io
reference_id
reference_type
scores
url https://repo.saltproject.io
7
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
8
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/,
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/,
9
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202310-22
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22941
reference_id CVE-2022-22941
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22941
11
reference_url https://github.com/advisories/GHSA-qcr3-hr2f-6557
reference_id GHSA-qcr3-hr2f-6557
reference_type
scores
url https://github.com/advisories/GHSA-qcr3-hr2f-6557
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-a8kw-uehx-xfg5
3
vulnerability VCID-ce2x-ehyk-nufk
4
vulnerability VCID-h4tm-9wqz-1qge
5
vulnerability VCID-nehw-r7zm-j7bb
6
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22941, GHSA-qcr3-hr2f-6557, PYSEC-2022-174
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyxg-h3a9-8ygv
29
url VCID-k1gu-khda-jyeb
vulnerability_id VCID-k1gu-khda-jyeb
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
references
0
reference_url https://blog.cloudflare.com/future-proofing-saltstack
reference_id
reference_type
scores
url https://blog.cloudflare.com/future-proofing-saltstack
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-171.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-171.yaml
2
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
3
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
4
reference_url https://github.com/saltstack/salt/releases,
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases,
5
reference_url https://repo.saltproject.io
reference_id
reference_type
scores
url https://repo.saltproject.io
6
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
7
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/,
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/,
8
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202310-22
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22934
reference_id CVE-2022-22934
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22934
10
reference_url https://github.com/advisories/GHSA-2q4g-wfm6-5fpm
reference_id GHSA-2q4g-wfm6-5fpm
reference_type
scores
url https://github.com/advisories/GHSA-2q4g-wfm6-5fpm
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-a8kw-uehx-xfg5
3
vulnerability VCID-ce2x-ehyk-nufk
4
vulnerability VCID-h4tm-9wqz-1qge
5
vulnerability VCID-nehw-r7zm-j7bb
6
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22934, GHSA-2q4g-wfm6-5fpm, PYSEC-2022-171
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1gu-khda-jyeb
30
url VCID-kapu-yvhn-ybhw
vulnerability_id VCID-kapu-yvhn-ybhw
summary Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1500748
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1500748
3
reference_url https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
4
reference_url https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
5
reference_url https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-36.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-36.yaml
7
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
8
reference_url https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
reference_id
reference_type
scores
url https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14695
reference_id CVE-2017-14695
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-14695
10
reference_url https://github.com/advisories/GHSA-j6gj-pg62-x8j6
reference_id GHSA-j6gj-pg62-x8j6
reference_type
scores
url https://github.com/advisories/GHSA-j6gj-pg62-x8j6
fixed_packages
0
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
1
url pkg:pypi/salt@2016.11.8
purl pkg:pypi/salt@2016.11.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8mpz-ke16-fbej
10
vulnerability VCID-a8kw-uehx-xfg5
11
vulnerability VCID-ce2x-ehyk-nufk
12
vulnerability VCID-cubj-wrbp-1qbu
13
vulnerability VCID-e6kv-phwy-vfef
14
vulnerability VCID-e8qc-mktf-gyam
15
vulnerability VCID-gafc-bb59-9yhb
16
vulnerability VCID-h4tm-9wqz-1qge
17
vulnerability VCID-j5th-837s-fkft
18
vulnerability VCID-jbea-m4ak-tqd7
19
vulnerability VCID-jyxg-h3a9-8ygv
20
vulnerability VCID-k1gu-khda-jyeb
21
vulnerability VCID-mbpz-g2vs-tqc1
22
vulnerability VCID-neby-tsrt-ryg5
23
vulnerability VCID-nehw-r7zm-j7bb
24
vulnerability VCID-p4xa-ks7v-wbay
25
vulnerability VCID-qgqk-f1g2-7fbz
26
vulnerability VCID-saff-gz5j-8kex
27
vulnerability VCID-v43a-k2bg-wkbz
28
vulnerability VCID-w2qv-hbsf-xyfh
29
vulnerability VCID-znn9-qud3-wqat
30
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.8
2
url pkg:pypi/salt@2017.7.2
purl pkg:pypi/salt@2017.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8mpz-ke16-fbej
10
vulnerability VCID-a8kw-uehx-xfg5
11
vulnerability VCID-ce2x-ehyk-nufk
12
vulnerability VCID-cubj-wrbp-1qbu
13
vulnerability VCID-e6kv-phwy-vfef
14
vulnerability VCID-e8qc-mktf-gyam
15
vulnerability VCID-gafc-bb59-9yhb
16
vulnerability VCID-h4tm-9wqz-1qge
17
vulnerability VCID-j5th-837s-fkft
18
vulnerability VCID-jbea-m4ak-tqd7
19
vulnerability VCID-jyxg-h3a9-8ygv
20
vulnerability VCID-k1gu-khda-jyeb
21
vulnerability VCID-mbpz-g2vs-tqc1
22
vulnerability VCID-neby-tsrt-ryg5
23
vulnerability VCID-nehw-r7zm-j7bb
24
vulnerability VCID-p4xa-ks7v-wbay
25
vulnerability VCID-qgqk-f1g2-7fbz
26
vulnerability VCID-saff-gz5j-8kex
27
vulnerability VCID-v43a-k2bg-wkbz
28
vulnerability VCID-w2qv-hbsf-xyfh
29
vulnerability VCID-znn9-qud3-wqat
30
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.2
aliases CVE-2017-14695, GHSA-j6gj-pg62-x8j6, PYSEC-2017-36
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kapu-yvhn-ybhw
31
url VCID-mbpz-g2vs-tqc1
vulnerability_id VCID-mbpz-g2vs-tqc1
summary In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
references
0
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
3
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
4
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.5
purl pkg:pypi/salt@2016.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-cubj-wrbp-1qbu
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-kapu-yvhn-ybhw
19
vulnerability VCID-nehw-r7zm-j7bb
20
vulnerability VCID-qgqk-f1g2-7fbz
21
vulnerability VCID-saff-gz5j-8kex
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.5
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
9
url pkg:pypi/salt@2019.2.0rc1
purl pkg:pypi/salt@2019.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e8qc-mktf-gyam
7
vulnerability VCID-gafc-bb59-9yhb
8
vulnerability VCID-h4tm-9wqz-1qge
9
vulnerability VCID-jyxg-h3a9-8ygv
10
vulnerability VCID-k1gu-khda-jyeb
11
vulnerability VCID-nehw-r7zm-j7bb
12
vulnerability VCID-saff-gz5j-8kex
13
vulnerability VCID-znn9-qud3-wqat
14
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1
10
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
11
url pkg:pypi/salt@2019.2.8
purl pkg:pypi/salt@2019.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8
12
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
13
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
14
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2020-28972, PYSEC-2021-74
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbpz-g2vs-tqc1
32
url VCID-neby-tsrt-ryg5
vulnerability_id VCID-neby-tsrt-ryg5
summary An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
references
0
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.5
purl pkg:pypi/salt@2016.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-cubj-wrbp-1qbu
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-kapu-yvhn-ybhw
19
vulnerability VCID-nehw-r7zm-j7bb
20
vulnerability VCID-qgqk-f1g2-7fbz
21
vulnerability VCID-saff-gz5j-8kex
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.5
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
9
url pkg:pypi/salt@2019.2.0rc1
purl pkg:pypi/salt@2019.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e8qc-mktf-gyam
7
vulnerability VCID-gafc-bb59-9yhb
8
vulnerability VCID-h4tm-9wqz-1qge
9
vulnerability VCID-jyxg-h3a9-8ygv
10
vulnerability VCID-k1gu-khda-jyeb
11
vulnerability VCID-nehw-r7zm-j7bb
12
vulnerability VCID-saff-gz5j-8kex
13
vulnerability VCID-znn9-qud3-wqat
14
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1
10
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
11
url pkg:pypi/salt@2019.2.8
purl pkg:pypi/salt@2019.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8
12
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
13
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
14
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-25284, PYSEC-2021-53
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-neby-tsrt-ryg5
33
url VCID-nehw-r7zm-j7bb
vulnerability_id VCID-nehw-r7zm-j7bb
summary Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-166.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-166.yaml
1
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
3
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory
reference_id
reference_type
scores
url https://saltproject.io/security-announcements/2023-08-10-advisory
4
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://saltproject.io/security-announcements/2023-08-10-advisory/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-20897
reference_id CVE-2023-20897
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-20897
6
reference_url https://github.com/advisories/GHSA-vpjg-wmf8-29h9
reference_id GHSA-vpjg-wmf8-29h9
reference_type
scores
url https://github.com/advisories/GHSA-vpjg-wmf8-29h9
fixed_packages
0
url pkg:pypi/salt@3005.2
purl pkg:pypi/salt@3005.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.2
1
url pkg:pypi/salt@3006.2
purl pkg:pypi/salt@3006.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.2
aliases CVE-2023-20897, GHSA-vpjg-wmf8-29h9, PYSEC-2023-166
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nehw-r7zm-j7bb
34
url VCID-p4xa-ks7v-wbay
vulnerability_id VCID-p4xa-ks7v-wbay
summary An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
references
0
reference_url http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html
1
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
5
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
6
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
7
reference_url https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/
reference_id
reference_type
scores
url https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.5
purl pkg:pypi/salt@2016.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-cubj-wrbp-1qbu
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-kapu-yvhn-ybhw
19
vulnerability VCID-nehw-r7zm-j7bb
20
vulnerability VCID-qgqk-f1g2-7fbz
21
vulnerability VCID-saff-gz5j-8kex
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.5
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
9
url pkg:pypi/salt@2019.2.0rc1
purl pkg:pypi/salt@2019.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e8qc-mktf-gyam
7
vulnerability VCID-gafc-bb59-9yhb
8
vulnerability VCID-h4tm-9wqz-1qge
9
vulnerability VCID-jyxg-h3a9-8ygv
10
vulnerability VCID-k1gu-khda-jyeb
11
vulnerability VCID-nehw-r7zm-j7bb
12
vulnerability VCID-saff-gz5j-8kex
13
vulnerability VCID-znn9-qud3-wqat
14
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1
10
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
11
url pkg:pypi/salt@2019.2.8
purl pkg:pypi/salt@2019.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8
12
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
13
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
14
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-25281, PYSEC-2021-50
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4xa-ks7v-wbay
35
url VCID-qgqk-f1g2-7fbz
vulnerability_id VCID-qgqk-f1g2-7fbz
summary Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
1
reference_url https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
2
reference_url https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2018-29.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2018-29.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2016.11.10.rst#L15
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2016.11.10.rst#L15
6
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2017.7.8.rst#L28
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2017.7.8.rst#L28
7
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2018.3.3.rst#L58
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2018.3.3.rst#L58
8
reference_url https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ
reference_id
reference_type
scores
url https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ
9
reference_url https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ
reference_id
reference_type
scores
url https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ
10
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html
11
reference_url https://usn.ubuntu.com/4459-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4459-1
12
reference_url https://usn.ubuntu.com/4459-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4459-1/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-15750
reference_id CVE-2018-15750
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-15750
14
reference_url https://github.com/advisories/GHSA-jx34-pppm-gjvr
reference_id GHSA-jx34-pppm-gjvr
reference_type
scores
url https://github.com/advisories/GHSA-jx34-pppm-gjvr
fixed_packages
0
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
1
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
2
url pkg:pypi/salt@2018.3.3
purl pkg:pypi/salt@2018.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8mpz-ke16-fbej
10
vulnerability VCID-a8kw-uehx-xfg5
11
vulnerability VCID-ce2x-ehyk-nufk
12
vulnerability VCID-cubj-wrbp-1qbu
13
vulnerability VCID-e8qc-mktf-gyam
14
vulnerability VCID-gafc-bb59-9yhb
15
vulnerability VCID-h4tm-9wqz-1qge
16
vulnerability VCID-j5th-837s-fkft
17
vulnerability VCID-jbea-m4ak-tqd7
18
vulnerability VCID-jyxg-h3a9-8ygv
19
vulnerability VCID-k1gu-khda-jyeb
20
vulnerability VCID-mbpz-g2vs-tqc1
21
vulnerability VCID-neby-tsrt-ryg5
22
vulnerability VCID-nehw-r7zm-j7bb
23
vulnerability VCID-p4xa-ks7v-wbay
24
vulnerability VCID-saff-gz5j-8kex
25
vulnerability VCID-v43a-k2bg-wkbz
26
vulnerability VCID-w2qv-hbsf-xyfh
27
vulnerability VCID-znn9-qud3-wqat
28
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2018.3.3
aliases CVE-2018-15750, GHSA-jx34-pppm-gjvr, PYSEC-2018-29
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgqk-f1g2-7fbz
36
url VCID-reer-fk1f-tkbj
vulnerability_id VCID-reer-fk1f-tkbj
summary Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
references
0
reference_url https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
1
reference_url https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
2
reference_url https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-39.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-39.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5200
reference_id CVE-2017-5200
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5200
6
reference_url https://github.com/advisories/GHSA-8r7r-x48r-pf8f
reference_id GHSA-8r7r-x48r-pf8f
reference_type
scores
url https://github.com/advisories/GHSA-8r7r-x48r-pf8f
fixed_packages
0
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
1
url pkg:pypi/salt@2016.3.5
purl pkg:pypi/salt@2016.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48tt-fe7z-ybfb
4
vulnerability VCID-58p2-6c4u-tybp
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8ghn-kbm9-sfas
10
vulnerability VCID-8mpz-ke16-fbej
11
vulnerability VCID-a8kw-uehx-xfg5
12
vulnerability VCID-ce2x-ehyk-nufk
13
vulnerability VCID-cubj-wrbp-1qbu
14
vulnerability VCID-e6kv-phwy-vfef
15
vulnerability VCID-e8qc-mktf-gyam
16
vulnerability VCID-gafc-bb59-9yhb
17
vulnerability VCID-h4tm-9wqz-1qge
18
vulnerability VCID-hgv6-czxs-cfbc
19
vulnerability VCID-j5th-837s-fkft
20
vulnerability VCID-jbea-m4ak-tqd7
21
vulnerability VCID-jyxg-h3a9-8ygv
22
vulnerability VCID-k1gu-khda-jyeb
23
vulnerability VCID-kapu-yvhn-ybhw
24
vulnerability VCID-mbpz-g2vs-tqc1
25
vulnerability VCID-neby-tsrt-ryg5
26
vulnerability VCID-nehw-r7zm-j7bb
27
vulnerability VCID-p4xa-ks7v-wbay
28
vulnerability VCID-qgqk-f1g2-7fbz
29
vulnerability VCID-saff-gz5j-8kex
30
vulnerability VCID-v43a-k2bg-wkbz
31
vulnerability VCID-w2qv-hbsf-xyfh
32
vulnerability VCID-znn9-qud3-wqat
33
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.5
2
url pkg:pypi/salt@2016.11.2
purl pkg:pypi/salt@2016.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-65p4-5x86-y3fj
8
vulnerability VCID-6cfw-9xe8-43d6
9
vulnerability VCID-7mam-gwcp-8kdm
10
vulnerability VCID-8mpz-ke16-fbej
11
vulnerability VCID-a8kw-uehx-xfg5
12
vulnerability VCID-ce2x-ehyk-nufk
13
vulnerability VCID-cubj-wrbp-1qbu
14
vulnerability VCID-e6kv-phwy-vfef
15
vulnerability VCID-e8qc-mktf-gyam
16
vulnerability VCID-gafc-bb59-9yhb
17
vulnerability VCID-h4tm-9wqz-1qge
18
vulnerability VCID-hgv6-czxs-cfbc
19
vulnerability VCID-j5th-837s-fkft
20
vulnerability VCID-jbea-m4ak-tqd7
21
vulnerability VCID-jyxg-h3a9-8ygv
22
vulnerability VCID-k1gu-khda-jyeb
23
vulnerability VCID-kapu-yvhn-ybhw
24
vulnerability VCID-mbpz-g2vs-tqc1
25
vulnerability VCID-neby-tsrt-ryg5
26
vulnerability VCID-nehw-r7zm-j7bb
27
vulnerability VCID-p4xa-ks7v-wbay
28
vulnerability VCID-pr6t-nw24-cfcp
29
vulnerability VCID-qgqk-f1g2-7fbz
30
vulnerability VCID-saff-gz5j-8kex
31
vulnerability VCID-v43a-k2bg-wkbz
32
vulnerability VCID-w2qv-hbsf-xyfh
33
vulnerability VCID-znn9-qud3-wqat
34
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.2
aliases CVE-2017-5200, GHSA-8r7r-x48r-pf8f, PYSEC-2017-39
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-reer-fk1f-tkbj
37
url VCID-saff-gz5j-8kex
vulnerability_id VCID-saff-gz5j-8kex
summary Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.
references
0
reference_url https://github.com/saltstack/salt/blob/master/salt/modules/status.py
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/master/salt/modules/status.py
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33226
reference_id CVE-2021-33226
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-33226
fixed_packages
0
url pkg:pypi/salt@3003.1
purl pkg:pypi/salt@3003.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-a8kw-uehx-xfg5
2
vulnerability VCID-ce2x-ehyk-nufk
3
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.1
aliases CVE-2021-33226, PYSEC-2023-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-saff-gz5j-8kex
38
url VCID-u5sa-wp1e-wyhg
vulnerability_id VCID-u5sa-wp1e-wyhg
summary modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1212784
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1212784
2
reference_url https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
3
reference_url https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
reference_id
reference_type
scores
url https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
fixed_packages
0
url pkg:pypi/salt@2014.7.4
purl pkg:pypi/salt@2014.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-5w26-jb3k-u3b7
8
vulnerability VCID-65p4-5x86-y3fj
9
vulnerability VCID-6cfw-9xe8-43d6
10
vulnerability VCID-7mam-gwcp-8kdm
11
vulnerability VCID-8ghn-kbm9-sfas
12
vulnerability VCID-8mpz-ke16-fbej
13
vulnerability VCID-a8kw-uehx-xfg5
14
vulnerability VCID-az3x-2atn-pqh4
15
vulnerability VCID-bxh1-y9mk-3ygg
16
vulnerability VCID-ce2x-ehyk-nufk
17
vulnerability VCID-cubj-wrbp-1qbu
18
vulnerability VCID-e6kv-phwy-vfef
19
vulnerability VCID-e8qc-mktf-gyam
20
vulnerability VCID-gafc-bb59-9yhb
21
vulnerability VCID-h4tm-9wqz-1qge
22
vulnerability VCID-hgv6-czxs-cfbc
23
vulnerability VCID-j5th-837s-fkft
24
vulnerability VCID-jbea-m4ak-tqd7
25
vulnerability VCID-jyxg-h3a9-8ygv
26
vulnerability VCID-k1gu-khda-jyeb
27
vulnerability VCID-kapu-yvhn-ybhw
28
vulnerability VCID-mbpz-g2vs-tqc1
29
vulnerability VCID-neby-tsrt-ryg5
30
vulnerability VCID-nehw-r7zm-j7bb
31
vulnerability VCID-p4xa-ks7v-wbay
32
vulnerability VCID-qgqk-f1g2-7fbz
33
vulnerability VCID-reer-fk1f-tkbj
34
vulnerability VCID-saff-gz5j-8kex
35
vulnerability VCID-v43a-k2bg-wkbz
36
vulnerability VCID-w2qv-hbsf-xyfh
37
vulnerability VCID-xccs-pwhb-nuce
38
vulnerability VCID-xfnm-yvm9-73az
39
vulnerability VCID-znn9-qud3-wqat
40
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2014.7.4
aliases CVE-2015-1838, PYSEC-2017-29
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5sa-wp1e-wyhg
39
url VCID-uwr9-v56j-cuak
vulnerability_id VCID-uwr9-v56j-cuak
summary Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
references
0
reference_url http://docs.saltstack.com/topics/releases/0.17.1.html
reference_id
reference_type
scores
url http://docs.saltstack.com/topics/releases/0.17.1.html
1
reference_url http://www.openwall.com/lists/oss-security/2013/10/18/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/10/18/3
fixed_packages
0
url pkg:pypi/salt@0.17.1
purl pkg:pypi/salt@0.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-5w26-jb3k-u3b7
8
vulnerability VCID-65p4-5x86-y3fj
9
vulnerability VCID-6cfw-9xe8-43d6
10
vulnerability VCID-7mam-gwcp-8kdm
11
vulnerability VCID-8ghn-kbm9-sfas
12
vulnerability VCID-8jkp-8ngh-9bcd
13
vulnerability VCID-8mpz-ke16-fbej
14
vulnerability VCID-a8kw-uehx-xfg5
15
vulnerability VCID-az3x-2atn-pqh4
16
vulnerability VCID-bxh1-y9mk-3ygg
17
vulnerability VCID-ce2x-ehyk-nufk
18
vulnerability VCID-cubj-wrbp-1qbu
19
vulnerability VCID-e6kv-phwy-vfef
20
vulnerability VCID-e8qc-mktf-gyam
21
vulnerability VCID-gafc-bb59-9yhb
22
vulnerability VCID-h4tm-9wqz-1qge
23
vulnerability VCID-hgv6-czxs-cfbc
24
vulnerability VCID-j5th-837s-fkft
25
vulnerability VCID-jbea-m4ak-tqd7
26
vulnerability VCID-jyxg-h3a9-8ygv
27
vulnerability VCID-k1gu-khda-jyeb
28
vulnerability VCID-kapu-yvhn-ybhw
29
vulnerability VCID-mbpz-g2vs-tqc1
30
vulnerability VCID-neby-tsrt-ryg5
31
vulnerability VCID-nehw-r7zm-j7bb
32
vulnerability VCID-p4xa-ks7v-wbay
33
vulnerability VCID-qgqk-f1g2-7fbz
34
vulnerability VCID-reer-fk1f-tkbj
35
vulnerability VCID-saff-gz5j-8kex
36
vulnerability VCID-u5sa-wp1e-wyhg
37
vulnerability VCID-v345-m7e1-aue2
38
vulnerability VCID-v43a-k2bg-wkbz
39
vulnerability VCID-w2qv-hbsf-xyfh
40
vulnerability VCID-xccs-pwhb-nuce
41
vulnerability VCID-xfnm-yvm9-73az
42
vulnerability VCID-znn9-qud3-wqat
43
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@0.17.1
aliases CVE-2013-4438, PYSEC-2013-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwr9-v56j-cuak
40
url VCID-v345-m7e1-aue2
vulnerability_id VCID-v345-m7e1-aue2
summary modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1212788
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1212788
2
reference_url https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-30.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2017-30.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c
reference_id
reference_type
scores
url https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c
6
reference_url https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81
reference_id
reference_type
scores
url https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1839
reference_id CVE-2015-1839
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-1839
8
reference_url https://github.com/advisories/GHSA-6grp-75pq-c8cj
reference_id GHSA-6grp-75pq-c8cj
reference_type
scores
url https://github.com/advisories/GHSA-6grp-75pq-c8cj
fixed_packages
0
url pkg:pypi/salt@2014.7.4
purl pkg:pypi/salt@2014.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-5w26-jb3k-u3b7
8
vulnerability VCID-65p4-5x86-y3fj
9
vulnerability VCID-6cfw-9xe8-43d6
10
vulnerability VCID-7mam-gwcp-8kdm
11
vulnerability VCID-8ghn-kbm9-sfas
12
vulnerability VCID-8mpz-ke16-fbej
13
vulnerability VCID-a8kw-uehx-xfg5
14
vulnerability VCID-az3x-2atn-pqh4
15
vulnerability VCID-bxh1-y9mk-3ygg
16
vulnerability VCID-ce2x-ehyk-nufk
17
vulnerability VCID-cubj-wrbp-1qbu
18
vulnerability VCID-e6kv-phwy-vfef
19
vulnerability VCID-e8qc-mktf-gyam
20
vulnerability VCID-gafc-bb59-9yhb
21
vulnerability VCID-h4tm-9wqz-1qge
22
vulnerability VCID-hgv6-czxs-cfbc
23
vulnerability VCID-j5th-837s-fkft
24
vulnerability VCID-jbea-m4ak-tqd7
25
vulnerability VCID-jyxg-h3a9-8ygv
26
vulnerability VCID-k1gu-khda-jyeb
27
vulnerability VCID-kapu-yvhn-ybhw
28
vulnerability VCID-mbpz-g2vs-tqc1
29
vulnerability VCID-neby-tsrt-ryg5
30
vulnerability VCID-nehw-r7zm-j7bb
31
vulnerability VCID-p4xa-ks7v-wbay
32
vulnerability VCID-qgqk-f1g2-7fbz
33
vulnerability VCID-reer-fk1f-tkbj
34
vulnerability VCID-saff-gz5j-8kex
35
vulnerability VCID-v43a-k2bg-wkbz
36
vulnerability VCID-w2qv-hbsf-xyfh
37
vulnerability VCID-xccs-pwhb-nuce
38
vulnerability VCID-xfnm-yvm9-73az
39
vulnerability VCID-znn9-qud3-wqat
40
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2014.7.4
aliases CVE-2015-1839, GHSA-6grp-75pq-c8cj, PYSEC-2017-30
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v345-m7e1-aue2
41
url VCID-v43a-k2bg-wkbz
vulnerability_id VCID-v43a-k2bg-wkbz
summary An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
references
0
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.5
purl pkg:pypi/salt@2016.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-cubj-wrbp-1qbu
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-kapu-yvhn-ybhw
19
vulnerability VCID-nehw-r7zm-j7bb
20
vulnerability VCID-qgqk-f1g2-7fbz
21
vulnerability VCID-saff-gz5j-8kex
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.5
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
9
url pkg:pypi/salt@2019.2.0rc1
purl pkg:pypi/salt@2019.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e8qc-mktf-gyam
7
vulnerability VCID-gafc-bb59-9yhb
8
vulnerability VCID-h4tm-9wqz-1qge
9
vulnerability VCID-jyxg-h3a9-8ygv
10
vulnerability VCID-k1gu-khda-jyeb
11
vulnerability VCID-nehw-r7zm-j7bb
12
vulnerability VCID-saff-gz5j-8kex
13
vulnerability VCID-znn9-qud3-wqat
14
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1
10
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
11
url pkg:pypi/salt@2019.2.8
purl pkg:pypi/salt@2019.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8
12
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
13
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
14
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-3197, PYSEC-2021-57
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v43a-k2bg-wkbz
42
url VCID-w2qv-hbsf-xyfh
vulnerability_id VCID-w2qv-hbsf-xyfh
summary In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
references
0
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/
4
reference_url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
5
reference_url https://security.gentoo.org/glsa/202103-01
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202103-01
fixed_packages
0
url pkg:pypi/salt@2015.8.10
purl pkg:pypi/salt@2015.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xs9-ym4e-fyag
1
vulnerability VCID-47u4-vdsp-c3ct
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8ghn-kbm9-sfas
6
vulnerability VCID-8mpz-ke16-fbej
7
vulnerability VCID-a8kw-uehx-xfg5
8
vulnerability VCID-ce2x-ehyk-nufk
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-jyxg-h3a9-8ygv
15
vulnerability VCID-k1gu-khda-jyeb
16
vulnerability VCID-kapu-yvhn-ybhw
17
vulnerability VCID-nehw-r7zm-j7bb
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-reer-fk1f-tkbj
20
vulnerability VCID-saff-gz5j-8kex
21
vulnerability VCID-xccs-pwhb-nuce
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.10
1
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
2
url pkg:pypi/salt@2016.3.4
purl pkg:pypi/salt@2016.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-reer-fk1f-tkbj
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-xccs-pwhb-nuce
21
vulnerability VCID-znn9-qud3-wqat
22
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.4
3
url pkg:pypi/salt@2016.3.6
purl pkg:pypi/salt@2016.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-hgv6-czxs-cfbc
12
vulnerability VCID-jyxg-h3a9-8ygv
13
vulnerability VCID-k1gu-khda-jyeb
14
vulnerability VCID-kapu-yvhn-ybhw
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-qgqk-f1g2-7fbz
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-znn9-qud3-wqat
19
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.6
4
url pkg:pypi/salt@2016.3.8
purl pkg:pypi/salt@2016.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e6kv-phwy-vfef
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-hgv6-czxs-cfbc
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.8
5
url pkg:pypi/salt@2016.11.3
purl pkg:pypi/salt@2016.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-pr6t-nw24-cfcp
18
vulnerability VCID-qgqk-f1g2-7fbz
19
vulnerability VCID-saff-gz5j-8kex
20
vulnerability VCID-znn9-qud3-wqat
21
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.3
6
url pkg:pypi/salt@2016.11.5
purl pkg:pypi/salt@2016.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-58p2-6c4u-tybp
4
vulnerability VCID-7mam-gwcp-8kdm
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-cubj-wrbp-1qbu
9
vulnerability VCID-e6kv-phwy-vfef
10
vulnerability VCID-e8qc-mktf-gyam
11
vulnerability VCID-gafc-bb59-9yhb
12
vulnerability VCID-h4tm-9wqz-1qge
13
vulnerability VCID-hgv6-czxs-cfbc
14
vulnerability VCID-j5th-837s-fkft
15
vulnerability VCID-jbea-m4ak-tqd7
16
vulnerability VCID-jyxg-h3a9-8ygv
17
vulnerability VCID-k1gu-khda-jyeb
18
vulnerability VCID-kapu-yvhn-ybhw
19
vulnerability VCID-nehw-r7zm-j7bb
20
vulnerability VCID-qgqk-f1g2-7fbz
21
vulnerability VCID-saff-gz5j-8kex
22
vulnerability VCID-znn9-qud3-wqat
23
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.5
7
url pkg:pypi/salt@2016.11.10
purl pkg:pypi/salt@2016.11.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e6kv-phwy-vfef
8
vulnerability VCID-e8qc-mktf-gyam
9
vulnerability VCID-gafc-bb59-9yhb
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-nehw-r7zm-j7bb
14
vulnerability VCID-qgqk-f1g2-7fbz
15
vulnerability VCID-saff-gz5j-8kex
16
vulnerability VCID-znn9-qud3-wqat
17
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.10
8
url pkg:pypi/salt@2017.7.8
purl pkg:pypi/salt@2017.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-48tt-fe7z-ybfb
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8mpz-ke16-fbej
5
vulnerability VCID-a8kw-uehx-xfg5
6
vulnerability VCID-ce2x-ehyk-nufk
7
vulnerability VCID-e8qc-mktf-gyam
8
vulnerability VCID-gafc-bb59-9yhb
9
vulnerability VCID-h4tm-9wqz-1qge
10
vulnerability VCID-jyxg-h3a9-8ygv
11
vulnerability VCID-k1gu-khda-jyeb
12
vulnerability VCID-nehw-r7zm-j7bb
13
vulnerability VCID-saff-gz5j-8kex
14
vulnerability VCID-znn9-qud3-wqat
15
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2017.7.8
9
url pkg:pypi/salt@2019.2.0rc1
purl pkg:pypi/salt@2019.2.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-7mam-gwcp-8kdm
3
vulnerability VCID-8mpz-ke16-fbej
4
vulnerability VCID-a8kw-uehx-xfg5
5
vulnerability VCID-ce2x-ehyk-nufk
6
vulnerability VCID-e8qc-mktf-gyam
7
vulnerability VCID-gafc-bb59-9yhb
8
vulnerability VCID-h4tm-9wqz-1qge
9
vulnerability VCID-jyxg-h3a9-8ygv
10
vulnerability VCID-k1gu-khda-jyeb
11
vulnerability VCID-nehw-r7zm-j7bb
12
vulnerability VCID-saff-gz5j-8kex
13
vulnerability VCID-znn9-qud3-wqat
14
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1
10
url pkg:pypi/salt@2019.2.5
purl pkg:pypi/salt@2019.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5
11
url pkg:pypi/salt@2019.2.8
purl pkg:pypi/salt@2019.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8
12
url pkg:pypi/salt@3000.6
purl pkg:pypi/salt@3000.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6
13
url pkg:pypi/salt@3001.4
purl pkg:pypi/salt@3001.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-znn9-qud3-wqat
11
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4
14
url pkg:pypi/salt@3002.5
purl pkg:pypi/salt@3002.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-8mpz-ke16-fbej
3
vulnerability VCID-a8kw-uehx-xfg5
4
vulnerability VCID-ce2x-ehyk-nufk
5
vulnerability VCID-h4tm-9wqz-1qge
6
vulnerability VCID-jyxg-h3a9-8ygv
7
vulnerability VCID-k1gu-khda-jyeb
8
vulnerability VCID-nehw-r7zm-j7bb
9
vulnerability VCID-saff-gz5j-8kex
10
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5
aliases CVE-2021-3144, PYSEC-2021-54
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2qv-hbsf-xyfh
43
url VCID-xccs-pwhb-nuce
vulnerability_id VCID-xccs-pwhb-nuce
summary When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
references
0
reference_url https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
1
reference_url https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
2
reference_url https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
reference_id
reference_type
scores
url https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
fixed_packages
0
url pkg:pypi/salt@2015.8.13
purl pkg:pypi/salt@2015.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48tt-fe7z-ybfb
2
vulnerability VCID-58p2-6c4u-tybp
3
vulnerability VCID-7mam-gwcp-8kdm
4
vulnerability VCID-8ghn-kbm9-sfas
5
vulnerability VCID-8mpz-ke16-fbej
6
vulnerability VCID-a8kw-uehx-xfg5
7
vulnerability VCID-ce2x-ehyk-nufk
8
vulnerability VCID-e6kv-phwy-vfef
9
vulnerability VCID-e8qc-mktf-gyam
10
vulnerability VCID-gafc-bb59-9yhb
11
vulnerability VCID-h4tm-9wqz-1qge
12
vulnerability VCID-hgv6-czxs-cfbc
13
vulnerability VCID-jyxg-h3a9-8ygv
14
vulnerability VCID-k1gu-khda-jyeb
15
vulnerability VCID-kapu-yvhn-ybhw
16
vulnerability VCID-nehw-r7zm-j7bb
17
vulnerability VCID-qgqk-f1g2-7fbz
18
vulnerability VCID-saff-gz5j-8kex
19
vulnerability VCID-znn9-qud3-wqat
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.8.13
1
url pkg:pypi/salt@2016.3.5
purl pkg:pypi/salt@2016.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48tt-fe7z-ybfb
4
vulnerability VCID-58p2-6c4u-tybp
5
vulnerability VCID-5hr1-5aec-43h3
6
vulnerability VCID-65p4-5x86-y3fj
7
vulnerability VCID-6cfw-9xe8-43d6
8
vulnerability VCID-7mam-gwcp-8kdm
9
vulnerability VCID-8ghn-kbm9-sfas
10
vulnerability VCID-8mpz-ke16-fbej
11
vulnerability VCID-a8kw-uehx-xfg5
12
vulnerability VCID-ce2x-ehyk-nufk
13
vulnerability VCID-cubj-wrbp-1qbu
14
vulnerability VCID-e6kv-phwy-vfef
15
vulnerability VCID-e8qc-mktf-gyam
16
vulnerability VCID-gafc-bb59-9yhb
17
vulnerability VCID-h4tm-9wqz-1qge
18
vulnerability VCID-hgv6-czxs-cfbc
19
vulnerability VCID-j5th-837s-fkft
20
vulnerability VCID-jbea-m4ak-tqd7
21
vulnerability VCID-jyxg-h3a9-8ygv
22
vulnerability VCID-k1gu-khda-jyeb
23
vulnerability VCID-kapu-yvhn-ybhw
24
vulnerability VCID-mbpz-g2vs-tqc1
25
vulnerability VCID-neby-tsrt-ryg5
26
vulnerability VCID-nehw-r7zm-j7bb
27
vulnerability VCID-p4xa-ks7v-wbay
28
vulnerability VCID-qgqk-f1g2-7fbz
29
vulnerability VCID-saff-gz5j-8kex
30
vulnerability VCID-v43a-k2bg-wkbz
31
vulnerability VCID-w2qv-hbsf-xyfh
32
vulnerability VCID-znn9-qud3-wqat
33
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.3.5
2
url pkg:pypi/salt@2016.11.2
purl pkg:pypi/salt@2016.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-65p4-5x86-y3fj
8
vulnerability VCID-6cfw-9xe8-43d6
9
vulnerability VCID-7mam-gwcp-8kdm
10
vulnerability VCID-8mpz-ke16-fbej
11
vulnerability VCID-a8kw-uehx-xfg5
12
vulnerability VCID-ce2x-ehyk-nufk
13
vulnerability VCID-cubj-wrbp-1qbu
14
vulnerability VCID-e6kv-phwy-vfef
15
vulnerability VCID-e8qc-mktf-gyam
16
vulnerability VCID-gafc-bb59-9yhb
17
vulnerability VCID-h4tm-9wqz-1qge
18
vulnerability VCID-hgv6-czxs-cfbc
19
vulnerability VCID-j5th-837s-fkft
20
vulnerability VCID-jbea-m4ak-tqd7
21
vulnerability VCID-jyxg-h3a9-8ygv
22
vulnerability VCID-k1gu-khda-jyeb
23
vulnerability VCID-kapu-yvhn-ybhw
24
vulnerability VCID-mbpz-g2vs-tqc1
25
vulnerability VCID-neby-tsrt-ryg5
26
vulnerability VCID-nehw-r7zm-j7bb
27
vulnerability VCID-p4xa-ks7v-wbay
28
vulnerability VCID-pr6t-nw24-cfcp
29
vulnerability VCID-qgqk-f1g2-7fbz
30
vulnerability VCID-saff-gz5j-8kex
31
vulnerability VCID-v43a-k2bg-wkbz
32
vulnerability VCID-w2qv-hbsf-xyfh
33
vulnerability VCID-znn9-qud3-wqat
34
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2016.11.2
aliases CVE-2017-5192, PYSEC-2017-38
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xccs-pwhb-nuce
44
url VCID-xfnm-yvm9-73az
vulnerability_id VCID-xfnm-yvm9-73az
summary salt before 2015.5.5 leaks git usernames and passwords to the log.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1257154
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1257154
1
reference_url https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a
reference_id
reference_type
scores
url https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a
fixed_packages
0
url pkg:pypi/salt@2015.5.5
purl pkg:pypi/salt@2015.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-3xs9-ym4e-fyag
3
vulnerability VCID-47u4-vdsp-c3ct
4
vulnerability VCID-48tt-fe7z-ybfb
5
vulnerability VCID-58p2-6c4u-tybp
6
vulnerability VCID-5hr1-5aec-43h3
7
vulnerability VCID-65p4-5x86-y3fj
8
vulnerability VCID-6cfw-9xe8-43d6
9
vulnerability VCID-7mam-gwcp-8kdm
10
vulnerability VCID-8ghn-kbm9-sfas
11
vulnerability VCID-8mpz-ke16-fbej
12
vulnerability VCID-a8kw-uehx-xfg5
13
vulnerability VCID-az3x-2atn-pqh4
14
vulnerability VCID-bxh1-y9mk-3ygg
15
vulnerability VCID-ce2x-ehyk-nufk
16
vulnerability VCID-cubj-wrbp-1qbu
17
vulnerability VCID-e6kv-phwy-vfef
18
vulnerability VCID-e8qc-mktf-gyam
19
vulnerability VCID-ft7d-u3qu-7kf8
20
vulnerability VCID-gafc-bb59-9yhb
21
vulnerability VCID-h4tm-9wqz-1qge
22
vulnerability VCID-hgv6-czxs-cfbc
23
vulnerability VCID-j5th-837s-fkft
24
vulnerability VCID-jbea-m4ak-tqd7
25
vulnerability VCID-jyxg-h3a9-8ygv
26
vulnerability VCID-k1gu-khda-jyeb
27
vulnerability VCID-kapu-yvhn-ybhw
28
vulnerability VCID-mbpz-g2vs-tqc1
29
vulnerability VCID-neby-tsrt-ryg5
30
vulnerability VCID-nehw-r7zm-j7bb
31
vulnerability VCID-p4xa-ks7v-wbay
32
vulnerability VCID-qgqk-f1g2-7fbz
33
vulnerability VCID-reer-fk1f-tkbj
34
vulnerability VCID-saff-gz5j-8kex
35
vulnerability VCID-v43a-k2bg-wkbz
36
vulnerability VCID-w2qv-hbsf-xyfh
37
vulnerability VCID-xccs-pwhb-nuce
38
vulnerability VCID-znn9-qud3-wqat
39
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2015.5.5
aliases CVE-2015-6918, PYSEC-2017-70
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfnm-yvm9-73az
45
url VCID-znn9-qud3-wqat
vulnerability_id VCID-znn9-qud3-wqat
summary CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
references
0
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1182382
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://bugzilla.suse.com/show_bug.cgi?id=1182382
fixed_packages
0
url pkg:pypi/salt@3002.2
purl pkg:pypi/salt@3002.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ds7-ga65-r3b6
1
vulnerability VCID-2h9s-fgnc-1qeg
2
vulnerability VCID-47u4-vdsp-c3ct
3
vulnerability VCID-48r4-3qds-bbhv
4
vulnerability VCID-5hr1-5aec-43h3
5
vulnerability VCID-65p4-5x86-y3fj
6
vulnerability VCID-6cfw-9xe8-43d6
7
vulnerability VCID-8mpz-ke16-fbej
8
vulnerability VCID-a8kw-uehx-xfg5
9
vulnerability VCID-ce2x-ehyk-nufk
10
vulnerability VCID-h4tm-9wqz-1qge
11
vulnerability VCID-jyxg-h3a9-8ygv
12
vulnerability VCID-k1gu-khda-jyeb
13
vulnerability VCID-mbpz-g2vs-tqc1
14
vulnerability VCID-neby-tsrt-ryg5
15
vulnerability VCID-nehw-r7zm-j7bb
16
vulnerability VCID-p4xa-ks7v-wbay
17
vulnerability VCID-saff-gz5j-8kex
18
vulnerability VCID-v43a-k2bg-wkbz
19
vulnerability VCID-w2qv-hbsf-xyfh
20
vulnerability VCID-zter-3e3b-7yfb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.2
aliases CVE-2021-25315, PYSEC-2021-891
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znn9-qud3-wqat
46
url VCID-zter-3e3b-7yfb
vulnerability_id VCID-zter-3e3b-7yfb
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-173.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-173.yaml
1
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
url https://github.com/saltstack/salt
2
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
3
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
4
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
5
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases
6
reference_url https://github.com/saltstack/salt/releases,
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases,
7
reference_url https://repo.saltproject.io
reference_id
reference_type
scores
url https://repo.saltproject.io
8
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
9
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release
10
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/,
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/,
11
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202310-22
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22936
reference_id CVE-2022-22936
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22936
13
reference_url https://github.com/advisories/GHSA-5r3f-3m3j-wcj2
reference_id GHSA-5r3f-3m3j-wcj2
reference_type
scores
url https://github.com/advisories/GHSA-5r3f-3m3j-wcj2
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47u4-vdsp-c3ct
1
vulnerability VCID-48r4-3qds-bbhv
2
vulnerability VCID-a8kw-uehx-xfg5
3
vulnerability VCID-ce2x-ehyk-nufk
4
vulnerability VCID-h4tm-9wqz-1qge
5
vulnerability VCID-nehw-r7zm-j7bb
6
vulnerability VCID-saff-gz5j-8kex
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ce2x-ehyk-nufk
1
vulnerability VCID-nehw-r7zm-j7bb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22936, GHSA-5r3f-3m3j-wcj2, PYSEC-2022-173
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zter-3e3b-7yfb
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/salt@0.13.2