USN-4459-1: Salt vulnerabilities

  • Thread starter Ubuntu security notices
  • Start date
U

Ubuntu security notices

Guest
It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. (CVE-2018-15750) It was discovered that Salt has a vulnerability that allows an user to bypass authentication. An attacker could use that to extract sensitive information, execute abritrary code or crash the server. (CVE-2018-15751) It was discovered that Salt is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. (CVE-2019-17361) It was discovered that Salt incorrectly validated method calls and sanitized paths. A remote attacker could possibly use this issue to access some methods without authentication. (CVE-2020-11651, CVE-2020-11652)

Continue reading...
 
Top