FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a1e03a3d-7be0-11eb-b392-20cf30e32f6dsalt -- multiple vulnerabilities

SaltStack reports multiple security vulnerabilities in Salt

  • CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
  • CVE-2021-25281: The Salt-API does not have eAuth credentials for the wheel_async client.
  • CVE-2021-25282: The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
  • CVE-2021-25283: The jinja renderer does not protect against server-side template injection attacks.
  • CVE-2021-25284: webutils write passwords in cleartext to /var/log/salt/minion
  • CVE-2021-3148: command injection in salt.utils.thin.gen_thin()
  • CVE-2020-35662: Several places where Salt was not verifying the SSL cert by default.
  • CVE-2021-3144: eauth Token can be used once after expiration.
  • CVE-2020-28972: Code base not validating SSL/TLS certificate of the server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack
  • CVE-2020-28243: Local Privilege Escalation in the Minion.

Discovery 2021-02-25
Entry 2021-03-03
py36-salt-2019
py37-salt-2019
py38-salt-2019
py36-salt
py37-salt
py38-salt
py39-salt
< 2019.2.8

ge 3000 lt 3002.5

"https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
CVE-2021-3197
CVE-2021-25281
CVE-2021-25282
CVE-2021-25283
CVE-2021-25284
CVE-2021-3148
CVE-2020-35662
CVE-2021-3144
CVE-2020-28972
CVE-2020-28243
6bf55af9-973b-11ea-9f2c-38d547003487salt -- multiple vulnerabilities in salt-master process

F-Secure reports:

CVE-2020-11651 - Authentication bypass vulnerabilities

The ClearFuncs class processes unauthenticated requests and unintentionally exposes the _send_pub() method, which can be used to queue messages directly on the master publish server. Such messages can be used to trigger minions to run arbitrary commands as root.

The ClearFuncs class also exposes the method _prep_auth_info(), which returns the "root key" used to authenticate commands from the local root user on the master server. This "root key" can then be used to remotely call administrative commands on the master server. This unintentional exposure provides a remote un-authenticated attacker with root-equivalent access to the salt master.

CVE-2020-11652 - Directory traversal vulnerabilities

The wheel module contains commands used to read and write files under specific directory paths. The inputs to these functions are concatenated with the target directory and the resulting path is not canonicalized, leading to an escape of the intended path restriction.

The get_token() method of the salt.tokens.localfs class (which is exposed to unauthenticated requests by the ClearFuncs class) fails to sanitize the token input parameter which is then used as a filename, allowing insertion of ".." path elements and thus reading of files outside of the intended directory. The only restriction is that the file has to be deserializable by salt.payload.Serial.loads().


Discovery 2020-04-30
Entry 2020-05-16
py27-salt
py32-salt
py33-salt
py34-salt
py35-salt
py36-salt
py37-salt
py38-salt
< 2019.2.4

ge 3000 lt 3000.2

CVE-2020-11651
CVE-2020-11652
https://nvd.nist.gov/vuln/detail/CVE-2020-11651
https://nvd.nist.gov/vuln/detail/CVE-2020-11652
https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
https://labs.f-secure.com/advisories/saltstack-authorization-bypass
https://blog.f-secure.com/new-vulnerabilities-make-exposed-salt-hosts-easy-targets/
https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild