GHSA-8j9g-c9rp-jvg4

Source

https://github.com/advisories/GHSA-8j9g-c9rp-jvg4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8j9g-c9rp-jvg4/GHSA-8j9g-c9rp-jvg4.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-8j9g-c9rp-jvg4

Aliases

CVE-2015-4017
PYSEC-2017-31

Published

2022-05-14T03:07:28Z

Modified

2024-10-21T21:40:50.662534Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Salt vulnerable to Improper Certificate Validation

Details

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.

Database specific

{
    "cwe_ids": [
        "CWE-295"
    ],
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": "2017-08-25T18:29:00Z",
    "github_reviewed_at": "2024-04-29T11:12:51Z"
}

References

Affected packages

PyPI / salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2014.7.6

Affected versions

0.*

0.8.7

0.8.9

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

0.9.9.1

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.11.0

0.11.1

0.12.0

0.12.1

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.15.0

0.15.1

0.15.2

0.15.3

0.15.90

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.17.0rc1

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

2014.*

2014.1.0rc1

2014.1.0rc2

2014.1.0rc3

2014.1.0

2014.1.1

2014.1.2

2014.1.3

2014.1.4

2014.1.5

2014.1.6

2014.1.7

2014.1.8

2014.1.9

2014.1.10

2014.1.11

2014.1.12

2014.1.13

2014.7.0rc1

2014.7.0rc2

2014.7.0rc3

2014.7.0rc4

2014.7.0rc5

2014.7.0rc6

2014.7.0rc7

2014.7.0

2014.7.1

2014.7.2

2014.7.3

2014.7.4

2014.7.5