Saltstack Salt vulnerabilities
69 known vulnerabilities affecting saltstack/salt.
Total CVEs
69
CISA KEV
3
actively exploited
Public exploits
6
Exploited in wild
4
Severity breakdown
CRITICAL21HIGH25MEDIUM21LOW2
Vulnerabilities
Page 4 of 4
CVE-2025-22241P4MEDIUM≥ 3007.0rc1, < 3007.4≥ 3006.0rc1, < 3006.122025-06-13
CVE-2025-22241 [MEDIUM] CWE-22 Salt's file contents overwrite the VirtKey class
Salt's file contents overwrite the VirtKey class
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.
ghsaosv
CVE-2020-17490P4MEDIUMCVSS 5.5fixed in 2015.8.10≥ 2015.8.11, < 2015.8.13+12 more2020-11-06
CVE-2020-17490 [MEDIUM] CWE-732 CVE-2020-17490: The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
ghsanvdosv
CVE-2015-1838P4MEDIUMCVSS 5.3≤ 2014.7.32017-04-13
CVE-2015-1838 [MEDIUM] CWE-19 CVE-2015-1838: modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
ghsanvdosv
CVE-2015-1839P4MEDIUMCVSS 5.3≤ 2014.7.32017-04-13
CVE-2015-1839 [MEDIUM] CWE-19 CVE-2015-1839: modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
ghsanvdosv
CVE-2025-22242P4MEDIUM≥ 3007.0rc1, < 3007.4≥ 3006.0rc1, < 3006.122025-06-13
CVE-2025-22242 [MEDIUM] CWE-770 Salt's worker process vulnerable to denial of service through file read operation
Salt's worker process vulnerable to denial of service through file read operation
Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by atte
ghsaosv
CVE-2025-22238P4MEDIUM≥ 3006.0rc1, < 3006.12≥ 3007.0rc1, < 3007.42025-06-13
CVE-2025-22238 [MEDIUM] CWE-22 Salt vulnerable to directory traversal attack in minion file cache creation
Salt vulnerable to directory traversal attack in minion file cache creation
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.
ghsaosv
CVE-2021-25284P4MEDIUMCVSS 4.4fixed in 2015.8.10≥ 2015.8.11, < 2015.8.13+13 more2021-02-27
CVE-2021-25284 [MEDIUM] CWE-522 CVE-2021-25284: An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credent
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
ghsanvdosv
CVE-2022-22935P4LOWCVSS 3.7≥ 3002, < 3002.8≥ 3003, < 3003.4+1 more2022-03-29
CVE-2022-22935 [LOW] CWE-287 CVE-2022-22935: An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authen
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.
ghsanvdosv
CVE-2015-8034P4LOWCVSS 3.3≤ 2015.8.22017-01-30
CVE-2015-8034 [LOW] CWE-200 CVE-2015-8034: The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
ghsanvdosv
← Previous4 / 4