CVE-2018-15751
published 2018-10-24
CVE-2018-15751: SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
Priority P268 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.20% (91.4th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | < 2017.7.8 | 2017.7.8 |
| saltstack | salt | >= 0 < 2017.7.8 | 2017.7.8 |
| saltstack | salt | >= 0 < 2015.8.8+ds-1ubuntu0.1 | 2015.8.8+ds-1ubuntu0.1 |
| saltstack | salt | >= 0 < 2017.7.4+dfsg1-1ubuntu18.04.2 | 2017.7.4+dfsg1-1ubuntu18.04.2 |
| saltstack | salt | >= 0 < 0.17.5+ds-1ubuntu0.1~esm1 | 0.17.5+ds-1ubuntu0.1~esm1 |
| saltstack | salt | >= 0 < 2015.8.8+ds-1ubuntu0.1+esm1 | 2015.8.8+ds-1ubuntu0.1+esm1 |
| saltstack | salt | >= 2016.11.0 < 2016.11.10 | 2016.11.10 |
| saltstack | salt | >= 2017.7.0 < 2017.7.8 | 2017.7.8 |
| saltstack | salt | >= 2018.3.0 < 2018.3.3 | 2018.3.3 |
| saltstack | salt | >= 2018.3.0 < 2018.3.3 | 2018.3.3 |
Detection & IOCs
- Focus detection on the salt-api (netapi) endpoint for authentication bypass attempts: remote attackers exploit this interface to bypass authentication and execute arbitrary commands
- Monitor salt-api for unauthenticated requests that result in command execution on the salt-api host
- Vulnerable versions are SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3; fixed in 2017.7.8, 2018.3.3, and 2019.2.0+
- Fix confirmed available in Fedora as of Salt 2019.2.0
- Upstream fix changelogs available at the SaltStack release notes for 2017.7.8 and 2018.3.3
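CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.2 | HIGH | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 7.2 | HIGH | |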
GHSA
SaltStack Salt Remote command execution and incorrect access control when using salt-api
ghsa·2022-05-13
CVE-2018-15751 [CRITICAL] CWE-287 SaltStack Salt Remote command execution and incorrect access control when using salt-api
SaltStack Salt 2016.11.x before 2016.11.10, 2017.7.x before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
OSV
SaltStack Salt Remote command execution and incorrect access control when using salt-api
osv·2022-05-13
CVE-2018-15751 [CRITICAL] SaltStack Salt Remote command execution and incorrect access control when using salt-api
SaltStack Salt 2016.11.x before 2016.11.10, 2017.7.x before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
OSV
salt vulnerabilities
osv·2021-03-15·CVSS 7.2
CVE-2014-3563 [HIGH] salt vulnerabilities
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a specially crafted file. An attacker could use this
vulnerability to cause a DoS or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)
Andreas Stieger discovered that Salt exposed git usernames and passwords
in log files. An attacker could use this issue to retrieve sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).
It was discovered that Salt exposed password authentication
credentials in log files. An attacker could use this issue to retrieve
sensitive information. This issue only affected Ubuntu 14.04 ESM.
(CVE-2015-6941)
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a
OSV
salt vulnerabilities
osv·2020-08-13·CVSS 5.3
CVE-2018-15750 [MEDIUM] salt vulnerabilities
It was discovered that Salt allows remote attackers to determine which files
exist on the server. An attacker could use that to extract sensitive
information. (CVE-2018-15750)
It was discovered that Salt has a vulnerability that allows a user to bypass
authentication. An attacker could use that to extract sensitive information,
execute arbitrary code or crash the server. (CVE-2018-15751)
It was discovered that Salt is vulnerable to command injection. This allows
an unauthenticated attacker with network access to the API endpoint to
execute arbitrary code on the salt-api host. (CVE-2019-17361)
It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possibly use this issue to access
some methods without authenticat
OSV
CVE-2018-15751: SaltStack Salt before 2017
osv·2018-10-24
CVE-2018-15751 CVE-2018-15751: SaltStack Salt before 2017
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
Ubuntu
Salt vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 7.2
CVE-2015-6918 [HIGH] Salt vulnerabilities
Title: Salt vulnerabilities
Summary: Several security issues were fixed in Salt.
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a specially crafted file. An attacker could use this
vulnerability to cause a DoS or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)
Andreas Stieger discovered that Salt exposed git usernames and passwords
in log files. An attacker could use this issue to retrieve sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).
It was discovered that Salt exposed password authentication
credentials in log files. An attacker could use this issue to retrieve
sensitive information. This issue only affected Ubuntu 14.04 ESM.
(CVE-2015-6941)
It was discovered that Sal
Ubuntu
Salt vulnerabilities
vendor_ubuntu·2020-08-13·CVSS 5.3
CVE-2018-15750 [MEDIUM] Salt vulnerabilities
Title: Salt vulnerabilities
Summary: Several security issues were fixed in Salt.
It was discovered that Salt allows remote attackers to determine which files
exist on the server. An attacker could use that to extract sensitive
information. (CVE-2018-15750)
It was discovered that Salt has a vulnerability that allows a user to bypass
authentication. An attacker could use that to extract sensitive information,
execute arbitrary code or crash the server. (CVE-2018-15751)
It was discovered that Salt is vulnerable to command injection. This allows
an unauthenticated attacker with network access to the API endpoint to
execute arbitrary code on the salt-api host. (CVE-2019-17361)
It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possi
Red Hat
salt: Remote command execution and incorrect access control when using salt-api
vendor_redhat·2018-10-25·CVSS 9.8
CVE-2018-15751 [CRITICAL] CWE-20 salt: Remote command execution and incorrect access control when using salt-api
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
Package: salt (Red Hat Ceph Storage 2) - Not affected
Package: heketi (Red Hat OpenShift Container Platform 3.10) - Not affected
Package: atomic-openshift (Red Hat OpenShift Container Platform 3.11) - Not affected
Package: cluster-autoscaler (Red Hat OpenShift Container Platform 3.11) - Not affected
Package: heketi (Red Hat Storage 3) - Not affected
No detection rules found.
No public exploits indexed.
arXiv
Tracking Patches for Open Source Software Vulnerabilities
arxiv_fulltext·2023-09-30
Authors:
- Congying Xu, Bihuan Chen (corresponding author), Chenhao Lu, Kaifeng Huang, Xin Peng: School of Computer Science, Fudan University, Shanghai, China. Also with Shanghai Key Laboratory of Data Science, and Shanghai Collaborative Innovation Center of Intelligent Visual Computing.
- Yang Liu: School of Computer Science and Engineering, Nanyang Technological University, Singapore.
## Abstract
Open source software (OSS) vulnerabilities threaten the security of software syste
Bugzilla
CVE-2018-15751 heketi: salt: Remote command execution and incorrect access control when using salt-api [fedora-all]
bugzilla·2018-10-31·CVSS 9.8
CVE-2018-15751 [CRITICAL] CVE-2018-15751 heketi: salt: Remote command execution and incorrect access control when using salt-api [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this iss
Bugzilla
CVE-2018-15751 salt: Remote command execution and incorrect access control when using salt-api [epel-all]
bugzilla·2018-10-31·CVSS 9.8
CVE-2018-15751 [CRITICAL] CVE-2018-15751 salt: Remote command execution and incorrect access control when using salt-api [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects m
Bugzilla
CVE-2018-15751 salt: Remote command execution and incorrect access control when using salt-api
bugzilla·2018-10-31·CVSS 9.8
CVE-2018-15751 [CRITICAL] CVE-2018-15751 salt: Remote command execution and incorrect access control when using salt-api
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
Upstream Changelog:
https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
Discussion:
Created heketi tracking bugs for this issue:
Affects: fedora-all [bug 1644490]
Created salt tracking bugs for this issue:
Affects: epel-all [bug 1644492]
Affects: fedora-all [bug 1644491]
---
Until release 1.9 of Kubernetes, there were configuration files for installing Kubernetes via Saltstack included in the Kubernetes repository. However the only supported conf
Bugzilla
CVE-2018-15751 salt: Remote command execution and incorrect access control when using salt-api [fedora-all]
bugzilla·2018-10-31·CVSS 9.8
CVE-2018-15751 [CRITICAL] CVE-2018-15751 salt: Remote command execution and incorrect access control when using salt-api [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affec
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
- https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
- https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
- https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ
- https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ
- https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html
- https://usn.ubuntu.com/4459-1/