FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-21 22:24:55 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6bf55af9-973b-11ea-9f2c-38d547003487	salt -- multiple vulnerabilities in salt-master process F-Secure reports: CVE-2020-11651 - Authentication bypass vulnerabilities The ClearFuncs class processes unauthenticated requests and unintentionally exposes the _send_pub() method, which can be used to queue messages directly on the master publish server. Such messages can be used to trigger minions to run arbitrary commands as root. The ClearFuncs class also exposes the method _prep_auth_info(), which returns the "root key" used to authenticate commands from the local root user on the master server. This "root key" can then be used to remotely call administrative commands on the master server. This unintentional exposure provides a remote un-authenticated attacker with root-equivalent access to the salt master. CVE-2020-11652 - Directory traversal vulnerabilities The wheel module contains commands used to read and write files under specific directory paths. The inputs to these functions are concatenated with the target directory and the resulting path is not canonicalized, leading to an escape of the intended path restriction. The get_token() method of the salt.tokens.localfs class (which is exposed to unauthenticated requests by the ClearFuncs class) fails to sanitize the token input parameter which is then used as a filename, allowing insertion of ".." path elements and thus reading of files outside of the intended directory. The only restriction is that the file has to be deserializable by salt.payload.Serial.loads(). Discovery 2020-04-30 Entry 2020-05-16 py27-salt py32-salt py33-salt py34-salt py35-salt py36-salt py37-salt py38-salt < 2019.2.4 >= 3000 lt 3000.2 CVE-2020-11651 CVE-2020-11652 https://nvd.nist.gov/vuln/detail/CVE-2020-11651 https://nvd.nist.gov/vuln/detail/CVE-2020-11652 https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html https://labs.f-secure.com/advisories/saltstack-authorization-bypass https://blog.f-secure.com/new-vulnerabilities-make-exposed-salt-hosts-easy-targets/ https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild
a1e03a3d-7be0-11eb-b392-20cf30e32f6d	salt -- multiple vulnerabilities SaltStack reports multiple security vulnerabilities in Salt CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. CVE-2021-25281: The Salt-API does not have eAuth credentials for the wheel_async client. CVE-2021-25282: The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. CVE-2021-25283: The jinja renderer does not protect against server-side template injection attacks. CVE-2021-25284: webutils write passwords in cleartext to /var/log/salt/minion CVE-2021-3148: command injection in salt.utils.thin.gen_thin() CVE-2020-35662: Several places where Salt was not verifying the SSL cert by default. CVE-2021-3144: eauth Token can be used once after expiration. CVE-2020-28972: Code base not validating SSL/TLS certificate of the server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack CVE-2020-28243: Local Privilege Escalation in the Minion. Discovery 2021-02-25 Entry 2021-03-03 py36-salt-2019 py37-salt-2019 py38-salt-2019 py36-salt py37-salt py38-salt py39-salt < 2019.2.8 >= 3000 lt 3002.5 "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" CVE-2021-3197 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3148 CVE-2020-35662 CVE-2021-3144 CVE-2020-28972 CVE-2020-28243

VuXML ID

Description

6bf55af9-973b-11ea-9f2c-38d547003487

salt -- multiple vulnerabilities in salt-master process

F-Secure reports:

CVE-2020-11651 - Authentication bypass vulnerabilities

The ClearFuncs class processes unauthenticated requests and unintentionally exposes the _send_pub() method, which can be used to queue messages directly on the master publish server. Such messages can be used to trigger minions to run arbitrary commands as root.

The ClearFuncs class also exposes the method _prep_auth_info(), which returns the "root key" used to authenticate commands from the local root user on the master server. This "root key" can then be used to remotely call administrative commands on the master server. This unintentional exposure provides a remote un-authenticated attacker with root-equivalent access to the salt master.

CVE-2020-11652 - Directory traversal vulnerabilities

The wheel module contains commands used to read and write files under specific directory paths. The inputs to these functions are concatenated with the target directory and the resulting path is not canonicalized, leading to an escape of the intended path restriction.

The get_token() method of the salt.tokens.localfs class (which is exposed to unauthenticated requests by the ClearFuncs class) fails to sanitize the token input parameter which is then used as a filename, allowing insertion of ".." path elements and thus reading of files outside of the intended directory. The only restriction is that the file has to be deserializable by salt.payload.Serial.loads().

Discovery 2020-04-30
Entry 2020-05-16
py27-salt
py32-salt
py33-salt
py34-salt
py35-salt
py36-salt
py37-salt
py38-salt

< 2019.2.4

>= 3000 lt 3000.2

CVE-2020-11651
CVE-2020-11652
https://nvd.nist.gov/vuln/detail/CVE-2020-11651
https://nvd.nist.gov/vuln/detail/CVE-2020-11652
https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html
https://labs.f-secure.com/advisories/saltstack-authorization-bypass
https://blog.f-secure.com/new-vulnerabilities-make-exposed-salt-hosts-easy-targets/
https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild

a1e03a3d-7be0-11eb-b392-20cf30e32f6d

salt -- multiple vulnerabilities

SaltStack reports multiple security vulnerabilities in Salt

CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

CVE-2021-25281: The Salt-API does not have eAuth credentials for the wheel_async client.

CVE-2021-25282: The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

CVE-2021-25283: The jinja renderer does not protect against server-side template injection attacks.

CVE-2021-25284: webutils write passwords in cleartext to /var/log/salt/minion

CVE-2021-3148: command injection in salt.utils.thin.gen_thin()

CVE-2020-35662: Several places where Salt was not verifying the SSL cert by default.

CVE-2021-3144: eauth Token can be used once after expiration.

CVE-2020-28972: Code base not validating SSL/TLS certificate of the server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack

CVE-2020-28243: Local Privilege Escalation in the Minion.

Discovery 2021-02-25
Entry 2021-03-03
py36-salt-2019
py37-salt-2019
py38-salt-2019
py36-salt
py37-salt
py38-salt
py39-salt

< 2019.2.8

>= 3000 lt 3002.5

"https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
CVE-2021-3197
CVE-2021-25281
CVE-2021-25282
CVE-2021-25283
CVE-2021-25284
CVE-2021-3148
CVE-2020-35662
CVE-2021-3144
CVE-2020-28972
CVE-2020-28243