20 matches found
openSUSE: Security Advisory for salt (SUSE-SU-2022:2178-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Advisory ROSA-SA-2023-2195
software: salt 3004.2 WASP: ROSA-CHROME packageevrstring: salt-3004.2-1.src.rpm CVE-ID: CVE-2022-22967 BDU-ID: 2022-03745 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PAM auth function of the Salt configuration management and remote operations execution system is related to the lack of a vali...
SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2022:2304-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2304-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked...
SUSE: Security Advisory (SUSE-SU-2022:2278-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2022:2304-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE-SU-2022:2278-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566)...
SUSE SLES15 Security Update : salt (SUSE-SU-2022:2253-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2253-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allow...
SUSE-SU-2022:2253-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566)...
SUSE: Security Advisory (SUSE-SU-2022:2178-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
openSUSE: Security Advisory for salt (SUSE-SU-2022:2178-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2022:2178-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2178-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked...
SUSE-SU-2022:2178-2 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication (bsc#1200566)...
SUSE-SU-2022:2178-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication (bsc#1200566)...
CVE-2022-22967
creationtimestamp | type | source
---|---|---
2022-06-23 20:29:56+00:00 | seen | https://t.me/cibsecurity/44997...
elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22967 via salt (>=2014.1.10 <=3001.8.0)
salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22967 Source advisory: OSV:PYSEC-2022-210...
SUSE-SU-2022:2159-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566)...
SUSE-SU-2022:2154-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could lead to authentication bypass when using PAM (bsc#1200566)...
CVE-2022-22967
CVE-2022-22967 affects SaltStack Salt prior to 3002.9, 3003.5, and 3004.2. The issue is that PAM authentication fails to reject locked accounts, allowing a previously authorized user with an active or API session to run Salt commands even when the account is locked (including salt-api via PAM eau...
Concrete CMS < 8.5.7 Multiple Vulnerabilities
Concrete CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:concretecms:concretecms"; if...
CVE-2021-22967
Concrete CMS (formerly concrete5) before 8.5.7 is affected by CVE-2021-22967, an improper access control that allows an unauthenticated user to access restricted files when they can add a message to a conversation (IDOR). The root cause is an insufficient permission check when attaching files to ...