FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC.

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                                Description
a1e03a3d-7be0-11eb-b392-20cf30e32f6d    salt -- multiple vulnerabilities

SaltStack reports multiple security vulnerabilities in Salt:

  • CVE-2021-3197: The Salt-API's SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
  • CVE-2021-25281: The Salt-API does not have eAuth credentials for the wheel_async client.
  • CVE-2021-25282: The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
  • CVE-2021-25283: The jinja renderer does not protect against server-side template injection attacks.
  • CVE-2021-25284: webutils writes passwords in cleartext to /var/log/salt/minion.
  • CVE-2021-3148: Command injection in salt.utils.thin.gen_thin().
  • CVE-2020-35662: Several places where Salt was not verifying the SSL cert by default.
  • CVE-2021-3144: eauth Token can be used once after expiration.
  • CVE-2020-28972: Code base not validating SSL/TLS certificate of the server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
  • CVE-2020-28243: Local Privilege Escalation in the Minion.

Discovery: 2021-02-25
Entry: 2021-03-03

Affected packages:

  • py36-salt-2019
  • py37-salt-2019
  • py38-salt-2019
  • py36-salt
  • py37-salt
  • py38-salt
  • py39-salt

Affected version ranges:

  • < 2019.2.8
  • >= 3000 and < 3002.5

References:

https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2021-3197
CVE-2021-25281
CVE-2021-25282
CVE-2021-25283
CVE-2021-25284
CVE-2021-3148
CVE-2020-35662
CVE-2021-3144
CVE-2020-28972
CVE-2020-28243