Known Vulnerabilities for Salt by Saltstack
Listed below are 10 of the newest known vulnerabilities associated with "Salt" by "Saltstack".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-22967 | An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts... | 8.8 - HIGH | 2022-06-23 | 2023-12-21 |
| CVE-2022-22941 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, ... | 8.8 - HIGH | 2022-03-29 | 2023-12-21 |
| CVE-2022-22936 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies ar... | 8.8 - HIGH | 2022-03-29 | 2023-12-21 |
| CVE-2022-22935 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of servic... | 3.7 - LOW | 2022-03-29 | 2023-12-21 |
| CVE-2022-22934 | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data wit... | 8.8 - HIGH | 2022-03-29 | 2023-12-21 |
| CVE-2021-22004 | An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file a... | 6.4 - MEDIUM | 2021-09-08 | 2023-11-07 |
| CVE-2021-21996 | An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain ... | 7.5 - HIGH | 2021-09-08 | 2023-12-21 |
| CVE-2021-3197 | An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by incl... | 9.8 - CRITICAL | 2021-02-27 | 2023-12-21 |
| CVE-2021-3148 | An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.util... | 9.8 - CRITICAL | 2021-02-27 | 2023-12-21 |
| CVE-2021-3144 | In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against t... | 9.1 - CRITICAL | 2021-02-27 | 2023-12-21 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Saltstack | Salt | 3002.2 | All | All | All |
| Application | Saltstack | Salt | 3002.1 | All | All | All |
| Application | Saltstack | Salt | 3002 | All | All | All |
| Application | Saltstack | Salt | 3001.3 | All | All | All |
| Application | Saltstack | Salt | 3001.2 | All | All | All |
| Application | Saltstack | Salt | 3001.1 | All | All | All |
| Application | Saltstack | Salt | 3001 | All | All | All |
| Application | Saltstack | Salt | 3000.3 | All | All | All |
| Application | Saltstack | Salt | 3000.2 | All | All | All |
| Application | Saltstack | Salt | 3000.13 | All | All | All |
| Application | Saltstack | Salt | 3000.1 | All | All | All |
| Application | Saltstack | Salt | 3000.0 | All | All | All |
| Application | Saltstack | Salt | 3000 | All | All | All |
| Application | Saltstack | Salt | 2019.8.0 | All | All | All |
| Application | Saltstack | Salt | 2019.2.5 | All | All | All |
| Application | Saltstack | Salt | 2019.2.4 | All | All | All |
| Application | Saltstack | Salt | 2019.2.3 | All | All | All |
| Application | Saltstack | Salt | 2019.2.2 | All | All | All |
| Application | Saltstack | Salt | 2019.2.1 | All | All | All |
| Application | Saltstack | Salt | 2019.2.0 | - | All | All |