Known Vulnerabilities for Salt by Saltstack
Listed below are 10 of the newest known vulnerabilities associated with "Salt" by "Saltstack".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5088 json | Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _ma... | Not Provided | 2026-04-15 | 2026-04-16 |
| CVE-2023-20898 json | Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior t... | 7.8 - HIGH | 2023-09-05 | 2023-09-14 |
| CVE-2023-20897 json | Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request ser... | 5.3 - MEDIUM | 2023-09-05 | 2023-09-14 |
| CVE-2023-1430 json | The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data i... | 5.3 - MEDIUM | 2023-06-09 | 2026-04-08 |
| CVE-2022-22967 json | An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts... | 8.8 - HIGH | 2022-06-23 | 2023-12-21 |
| CVE-2022-22941 json | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, ... | 8.8 - HIGH | 2022-03-29 | 2023-12-21 |
| CVE-2022-22936 json | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies ar... | 8.8 - HIGH | 2022-03-29 | 2023-12-21 |
| CVE-2022-22935 json | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of servic... | 3.7 - LOW | 2022-03-29 | 2023-12-21 |
| CVE-2022-22934 json | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data wit... | 8.8 - HIGH | 2022-03-29 | 2023-12-21 |
| CVE-2021-33226 json | ** DISPUTED ** Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the... | 9.8 - CRITICAL | 2023-02-17 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Saltstack | Salt | 3002.2 | |||
| Application | Saltstack | Salt | 3002.1 | |||
| Application | Saltstack | Salt | 3002 | |||
| Application | Saltstack | Salt | 3001.3 | |||
| Application | Saltstack | Salt | 3001.2 | |||
| Application | Saltstack | Salt | 3001.1 | |||
| Application | Saltstack | Salt | 3001 | |||
| Application | Saltstack | Salt | 3000.3 | |||
| Application | Saltstack | Salt | 3000.2 | |||
| Application | Saltstack | Salt | 3000.13 | |||
| Application | Saltstack | Salt | 3000.1 | |||
| Application | Saltstack | Salt | 3000.0 | |||
| Application | Saltstack | Salt | 3000 | |||
| Application | Saltstack | Salt | 2019.8.0 | |||
| Application | Saltstack | Salt | 2019.2.5 | |||
| Application | Saltstack | Salt | 2019.2.4 | |||
| Application | Saltstack | Salt | 2019.2.3 | |||
| Application | Saltstack | Salt | 2019.2.2 | |||
| Application | Saltstack | Salt | 2019.2.1 | |||
| Application | Saltstack | Salt | 2019.2.0 |