CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
80.7%
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
Vendor | Product | Version | CPE |
---|---|---|---|
saltstack | salt | * | cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* |
saltstack | salt | 0.6.0 | cpe:2.3:a:saltstack:salt:0.6.0:*:*:*:*:*:*:* |
saltstack | salt | 0.7.0 | cpe:2.3:a:saltstack:salt:0.7.0:*:*:*:*:*:*:* |
saltstack | salt | 0.8.0 | cpe:2.3:a:saltstack:salt:0.8.0:*:*:*:*:*:*:* |
saltstack | salt | 0.8.7 | cpe:2.3:a:saltstack:salt:0.8.7:*:*:*:*:*:*:* |
saltstack | salt | 0.8.8 | cpe:2.3:a:saltstack:salt:0.8.8:*:*:*:*:*:*:* |
saltstack | salt | 0.8.9 | cpe:2.3:a:saltstack:salt:0.8.9:*:*:*:*:*:*:* |
saltstack | salt | 0.9.0 | cpe:2.3:a:saltstack:salt:0.9.0:*:*:*:*:*:*:* |
saltstack | salt | 0.9.2 | cpe:2.3:a:saltstack:salt:0.9.2:*:*:*:*:*:*:* |
saltstack | salt | 0.9.3 | cpe:2.3:a:saltstack:salt:0.9.3:*:*:*:*:*:*:* |