Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SaltStack 3000 < 3006.12 / 3007 < 3007.4 Multiple Vulnerabilities

🗓️ 19 Jun 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 4 Views

SaltStack versions 3000 to 3007.4 have multiple vulnerabilities including directory traversal and event injection.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues
28 Aug 202521:17
ibm
IBM Security Bulletins		Security Bulletin: AIX/VIOS is vulnerable to arbitrary code execution (CVE-2025-3277, CVE-2025-29087) and denial of service (CVE-2025-29088) due to RPM
17 Jul 202516:10
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D
15 Dec 202515:39
ibm
FreeBSD		sqlite -- integer overflow
7 Apr 202500:00
freebsd
ATTACKERKB		CVE-2024-38824
13 Jun 202508:15
attackerkb
AlpineLinux		CVE-2024-38822
13 Jun 202507:15
alpinelinux
AlpineLinux		CVE-2024-38823
13 Jun 202507:15
alpinelinux
AlpineLinux		CVE-2024-38824
13 Jun 202508:15
alpinelinux
AlpineLinux		CVE-2024-38825
13 Jun 202507:15
alpinelinux
AlpineLinux		CVE-2025-22236
13 Jun 202507:15
alpinelinux
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(240180);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id(
    "CVE-2024-38822",
    "CVE-2024-38823",
    "CVE-2024-38824",
    "CVE-2024-38825",
    "CVE-2025-22236",
    "CVE-2025-22237",
    "CVE-2025-22238",
    "CVE-2025-22239",
    "CVE-2025-22240",
    "CVE-2025-22241",
    "CVE-2025-22242",
    "CVE-2025-29087"
  );
  script_xref(name:"IAVA", value:"2025-A-0434-S");

  script_name(english:"SaltStack 3000 <  3006.12 / 3007 < 3007.4 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The version of SaltStack running on the remote server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by
multiple vulnerabilities, including the following:

  - Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master
    cache directory. (CVE-2024-38824)

  - Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which
    may be able to execute a job on other minions (>= 3007.0). (CVE-2025-22236)

  - Arbitrary event injection on Salt Master. The master's _minion_event method can be used by and authorized
    minion to send arbitrary events onto the master's event bus. (CVE-2025-22239)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version");
  # https://saltproject.io/security-announcements/2025-06-12-advisory-3006-12-3007-4/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f8eb1393");
  script_set_attribute(attribute:"solution", value:
"Upgrade to SaltStack version referenced in the vendor security advisory.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-38824");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:saltstack:salt");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("saltstack_salt_linux_installed.nbin");
  script_require_keys("installed_sw/SaltStack Salt Master");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'SaltStack Salt Master');

vcf::check_all_backporting(app_info:app_info);

var constraints = [
  { 'min_version' : '3000.0', 'fixed_version' : '3006.12' },
  { 'min_version' : '3007.0', 'fixed_version' : '3007.4' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Jan 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.17.5 - 9.6
EPSS0.00378
SSVC
saltstack vulnerabilitiesdirectory traversalevent bus bypassarbitrary event injection
4