CVE-2014-3563
published 2014-08-22
CVE-2014-3563: Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary…
Priority P4 · 23 · high · 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS 0.41% (32.5th percentile)
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | <= 2014.1.9 | — |
| saltstack | salt | >= 0 < 2014.1.10 | 2014.1.10 |
| saltstack | salt | >= 0 < 0.17.5+ds-1ubuntu0.1~esm1 | 0.17.5+ds-1ubuntu0.1~esm1 |
| saltstack | salt | >= 0 < 2015.8.8+ds-1ubuntu0.1+esm1 | 2015.8.8+ds-1ubuntu0.1+esm1 |
CVSS provenance
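| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.2 | HIGH | — |
| vendor_ubuntu | — | 7.2 | HIGH | — |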
GHSA
SaltStack Salt Insecure Temporary File Creation
ghsa·2022-05-17
CVE-2014-3563 [HIGH] CWE-59 SaltStack Salt Insecure Temporary File Creation
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
OSV
SaltStack Salt Insecure Temporary File Creation
osv·2022-05-17
CVE-2014-3563 [HIGH] SaltStack Salt Insecure Temporary File Creation
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
OSV
salt vulnerabilities
osv·2021-03-15·CVSS 7.2
CVE-2014-3563 [HIGH] salt vulnerabilities
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a specially crafted file. An attacker could use this
vulnerability to cause a DoS or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)
Andreas Stieger discovered that Salt exposed git usernames and passwords
in log files. An attacker could use this issue to retrieve sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).
It was discovered that Salt exposed password authentication
credentials in log files. An attacker could use this issue to retrieve
sensitive information. This issue only affected Ubuntu 14.04 ESM.
(CVE-2015-6941)
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a
OSV
CVE-2014-3563: Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014
osv·2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
Ubuntu
Salt vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 7.2
CVE-2015-6918 [HIGH] Salt vulnerabilities
Title: Salt vulnerabilities
Summary: Several security issues were fixed in Salt.
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a specially crafted file. An attacker could use this
vulnerability to cause a DoS or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)
Andreas Stieger discovered that Salt exposed git usernames and passwords
in log files. An attacker could use this issue to retrieve sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).
It was discovered that Salt exposed password authentication
credentials in log files. An attacker could use this issue to retrieve
sensitive information. This issue only affected Ubuntu 14.04 ESM.
(CVE-2015-6941)
It was discovered that Sal
No detection rules found.
No public exploits indexed.
http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
http://seclists.org/oss-sec/2014/q3/428
http://www.securityfocus.com/bid/69319
https://exchange.xforce.ibmcloud.com/vulnerabilities/95392