FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
50259d8b-243e-11eb-8bae-b42e99975750salt -- multiple vulnerabilities

SaltStack reports multiple security vulnerabilities in Salt 3002:

  • CVE-2020-16846: Prevent shell injections in netapi ssh client.
  • CVE-2020-17490: Prevent creating world readable private keys with the tls execution module.
  • CVE-2020-25592: Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh.

Discovery 2020-11-06
Entry 2020-11-12
py36-salt
py37-salt
py38-salt
ge 3002 lt 3002.1

https://docs.saltstack.com/en/latest/topics/releases/3002.1.html
CVE-2020-16846
https://nvd.nist.gov/vuln/detail/CVE-2020-16846
CVE-2020-17490
https://nvd.nist.gov/vuln/detail/CVE-2020-17490
CVE-2020-25592
https://nvd.nist.gov/vuln/detail/CVE-2020-25592