This page aggregates CVE and vulnerability intelligence across SaltStack-related products, including CVSS scores, EPSS exploitation probabilities, and publication and update dates.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-12791 | Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | [email protected] | 9.8 | 0.93% | 2017-08-23 | 2026-05-13 |
| CVE-2015-6941 | win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. | [email protected] | 9.8 | 0.41% | 2017-08-09 | 2026-05-13 |
| CVE-2017-8109 | The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients). | [email protected] | 7.8 | 0.05% | 2017-04-25 | 2026-05-13 |
| CVE-2015-1839 | modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | [email protected] | 5.3 | 0.07% | 2017-04-13 | 2026-05-13 |
| CVE-2015-1838 | modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | [email protected] | 5.3 | 0.07% | 2017-04-13 | 2026-05-13 |
| CVE-2016-9639 | Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | [email protected] | 9.1 | 0.80% | 2017-02-07 | 2026-05-13 |
| CVE-2016-3176 | Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | [email protected] | 5.6 | 0.17% | 2017-01-31 | 2026-05-13 |
| CVE-2015-8034 | The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. | [email protected] | 3.3 | 0.04% | 2017-01-30 | 2026-05-13 |
| CVE-2016-1866 | Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream. | [email protected] | 8.1 | 0.63% | 2016-04-12 | 2026-05-06 |
| CVE-2014-3563 | Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. | [email protected] | 7.2 | 0.14% | 2014-08-22 | 2026-05-06 |
| CVE-2013-6617 | The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. | [email protected] | 10.0 | 1.70% | 2013-11-05 | 2026-04-29 |
| CVE-2013-4439 | Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. | [email protected] | 4.9 | 0.19% | 2013-11-05 | 2026-04-29 |
| CVE-2013-4438 | Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe. | [email protected] | 7.5 | 0.57% | 2013-11-05 | 2026-04-29 |
| CVE-2013-4437 | Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp." | [email protected] | 10.0 | 0.68% | 2013-11-05 | 2026-04-29 |
| CVE-2013-4436 | The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack. | [email protected] | 9.3 | 0.71% | 2013-11-05 | 2026-04-29 |
| CVE-2013-4435 | Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine. | [email protected] | 6.0 | 0.32% | 2013-11-05 | 2026-04-29 |