These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2020-16846 is a SaltStack Salt shell injection vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. The KEV entry indicates it has been observed as exploited in the wild and directs organizations to apply updates per vendor instructions. Given its known-exploitation status, this issue should be treated as a high-priority patching item.
CVE-2020-11652 is a SaltStack Salt path traversal vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. For defenders, the key signal is not just the vulnerability type, but that it is treated as known exploited and should be prioritized for remediation using vendor guidance.
CVE-2020-11651 is a SaltStack Salt authentication bypass issue that CISA has listed in its Known Exploited Vulnerabilities catalog. In the supplied corpus, CISA’s guidance is straightforward: apply vendor updates per SaltStack instructions and treat affected deployments as a priority for remediation.
CVE-2016-9639 is a critical access-control issue in Salt affecting versions before 2015.8.11. According to the CVE description, deleted minions could read from or write to other minions that later reused the same ID, with the problem tied to caching. In practice, that means minion identity reuse could expose data or permit unintended state changes across machines that share an identifier over time.
CVE-2016-3176 is a Salt authentication flaw affecting deployments that use PAM external authentication. In the affected versions, an attacker could bypass the configured authentication service by sending an alternate service value with a command to LocalClient. The issue is rated Medium by NVD and is addressed by the Salt release updates referenced in the vendor notes.
CVE-2015-8034 is a low-severity information disclosure issue in Salt before 2015.8.3. The state.sls function used weak permissions on cached data, which could allow a local user to read the cache file and obtain sensitive information. The issue is limited to systems where an untrusted local account can access the host, and the vulnerable range identified by NVD extends through 2015.8.2.