Information on source package salt

Available versions

| Release | Version |
|---|---|
| buster | 2018.3.4+dfsg1-6+deb10u3 |
| bullseye | 3002.6+dfsg1-4+deb11u1 |
| sid | 3004.1+dfsg-2.2 |

Open issues

| Bug | buster | bullseye | sid | Description |
|---|---|---|---|---|
| CVE-2023-34049 | vulnerable | vulnerable | vulnerable | allows an attacker to force Salt-SSH to run their script |
| CVE-2023-28370 | vulnerable | vulnerable | vulnerable | Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ... |
| CVE-2023-20898 | vulnerable | vulnerable | vulnerable | Git Providers can read from the wrong environment because they get the ... |
| CVE-2023-20897 | vulnerable | vulnerable | vulnerable | Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. ... |
| CVE-2022-22967 | vulnerable | vulnerable | vulnerable | An issue was discovered in SaltStack Salt in versions before 3002.9, 3 ... |
| CVE-2022-22941 | vulnerable | vulnerable | fixed | An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ... |
| CVE-2022-22936 | vulnerable | vulnerable | fixed | An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ... |
| CVE-2022-22935 | vulnerable | vulnerable | fixed | An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ... |
| CVE-2022-22934 | vulnerable | vulnerable | fixed | An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ... |

Open unimportant issues

| Bug | buster | bullseye | sid | Description |
|---|---|---|---|---|
| CVE-2021-22004 | vulnerable | vulnerable | fixed | An issue was discovered in SaltStack Salt before 3003.3. The salt mini ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2021-31607 | In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ... |
| CVE-2021-25315 | CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Ent ... |
| CVE-2021-25284 | An issue was discovered in through SaltStack Salt before 3002.5. salt. ... |
| CVE-2021-25283 | An issue was discovered in through SaltStack Salt before 3002.5. The j ... |
| CVE-2021-25282 | An issue was discovered in through SaltStack Salt before 3002.5. The s ... |
| CVE-2021-25281 | An issue was discovered in through SaltStack Salt before 3002.5. salt- ... |
| CVE-2021-21996 | An issue was discovered in SaltStack Salt before 3003.3. A user who ha ... |
| CVE-2021-3197 | An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ... |
| CVE-2021-3148 | An issue was discovered in SaltStack Salt before 3002.5. Sending craft ... |
| CVE-2021-3144 | In SaltStack Salt before 3002.5, eauth tokens can be used once after e ... |
| CVE-2020-35662 | In SaltStack Salt before 3002.5, when authenticating to services using ... |
| CVE-2020-28972 | In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsp ... |
| CVE-2020-28243 | An issue was discovered in SaltStack Salt before 3002.5. The minion's ... |
| CVE-2020-25592 | In SaltStack Salt through 3002, salt-netapi improperly validates eauth ... |
| CVE-2020-17490 | The TLS module within SaltStack Salt through 3002 creates certificates ... |
| CVE-2020-16846 | An issue was discovered in SaltStack Salt through 3002. Sending crafte ... |
| CVE-2020-11652 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ... |
| CVE-2020-11651 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ... |
| CVE-2019-1010259 | SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impac ... |
| CVE-2019-18897 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ... |
| CVE-2019-17361 | In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh ... |
| CVE-2018-15751 | SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remo ... |
| CVE-2018-15750 | Directory Traversal vulnerability in salt-api in SaltStack Salt before ... |
| CVE-2017-14696 | SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7 ... |
| CVE-2017-14695 | Directory traversal vulnerability in minion id validation in SaltStack ... |
| CVE-2017-12791 | Directory traversal vulnerability in minion id validation in SaltStack ... |
| CVE-2017-8109 | The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 co ... |
| CVE-2017-7893 | In SaltStack Salt before 2016.3.6, compromised salt-minions can impers ... |
| CVE-2017-5200 | Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ... |
| CVE-2017-5192 | When using the local_batch client from salt-api in SaltStack Salt befo ... |
| CVE-2016-9639 | Salt before 2015.8.11 allows deleted minions to read or write to minio ... |
| CVE-2016-3176 | Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external ... |
| CVE-2016-1866 | Salt 2015.8.x before 2015.8.4 does not properly handle clear messages ... |
| CVE-2015-8034 | The state.sls function in Salt before 2015.8.3 uses weak permissions o ... |
| CVE-2015-6941 | win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before ... |
| CVE-2015-6918 | salt before 2015.5.5 leaks git usernames and passwords to the log. |
| CVE-2015-4017 | Salt before 2014.7.6 does not verify certificates when connecting via ... |
| CVE-2015-1839 | modules/chef.py in SaltStack before 2014.7.4 does not properly handle ... |
| CVE-2015-1838 | modules/serverdensity_device.py in SaltStack before 2014.7.4 does not ... |
| CVE-2014-3563 | Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 20 ... |
| CVE-2013-6617 | The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not ... |
| CVE-2013-4439 | Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authen ... |
| CVE-2013-4438 | Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute ... |
| CVE-2013-4437 | Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 h ... |
| CVE-2013-4436 | The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 ... |
| CVE-2013-4435 | Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated ... |
| CVE-2013-2228 | SaltStack RSA Key Generation allows remote users to decrypt communicat ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-2480-2 | salt - regression update |
| DLA-2823-2 | salt - regression update |
| DSA-5011-1 | salt - security update |
| DLA-2823-1 | salt - security update |
| DLA-2815-1 | salt - security update |
| DSA-4837-1 | salt - security update |
| DLA-2480-1 | salt - security update |
| DLA-2294-1 | salt - security update |
| DLA-2223-1 | salt - security update |
| DSA-4676-2 | salt - security update |
| DSA-4676-1 | salt - security update |
