SaltStack (Python) – Support, CVEs & Health

GHSA-29j3-2446-5j4w CVSS_V3

SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi

Published: 2022-05-24 Fixed in: 2015.8.13

GHSA-2q4g-wfm6-5fpm CVSS_V3

SaltStack Improper Verification of Cryptographic Signature

Published: 2022-03-30 Fixed in: 3002.8

GHSA-2qw3-2wv6-p64x CVSS_V3

Path traversal in saltstack

Published: 2024-06-27 Fixed in: 3005.5

GHSA-3c56-vx6v-q5vh CVSS_V3

SaltStack Salt Allows creating certificates with weak file permissions

Published: 2022-05-24 Fixed in: 2015.8.13

GHSA-4277-m35q-7c9w CVSS_V3

Salt preflight script could be attacker controlled

Published: 2024-11-14 Fixed in: 3005.4

GHSA-4j59-vv55-q6h3 CVSS_V3

Salt's salt.auth.pki module does not properly authenticate callers

Published: 2025-06-13 Fixed in: 3006.12

GHSA-5r3f-3m3j-wcj2 CVSS_V3

SaltStack Salt Authentication Bypass by Capture-replay

Published: 2022-03-30 Fixed in: 3002.8

GHSA-657p-cj5r-mjrh CVSS_V3

SaltStack Salt Denial of Service via a crafted authentication request

Published: 2022-05-17 Fixed in: 2016.3.8

GHSA-6grp-75pq-c8cj CVSS_V3

SaltStack has insecure /tmp file handling in salt/modules/chef.py

Published: 2022-05-17 Fixed in: 2014.7.4

GHSA-6prw-8xhm-h247 CVSS_V3

Salt uses weak permissions on the cache data

Published: 2022-05-17 Fixed in: 2015.8.3

SaltStack