salt@3005.2 vulnerabilities
Portable, distributed, remote execution and configuration management system
-
latest version
3007.0
-
first published
13 years ago
-
latest version published
2 months ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the salt package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? Upgrade |
[,3005.5)
|
salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Directory Traversal when establishing the syndic cache directory on the master. How to fix Directory Traversal? Upgrade |
[,3005.5)
|
salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Improper Access Control. The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. How to fix Improper Access Control? Upgrade |
[,3005.4)
[3006.0rc1,3006.4)
|
salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Buffer Overflow via the How to fix Buffer Overflow? There is no fixed version for |
[0,)
|