SUSE SLES12 Security Update : salt (SUSE-SU-2022:1051-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1051-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with th...

CVE-2022-22934

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...

PYSEC-2022-171

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...

PYSEC-2022-171

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...

PYSEC-2022-173

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...

PT-2022-15743 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.8 SaltStack Salt versions prior to 3003.4 SaltStack Salt versions prior to 3004.1 Description: An issue in SaltStack Salt allows a man-in-the-middle MiTM attacker to impersonate a master and cause a minio...

PT-2022-15742 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.8 SaltStack Salt versions prior to 3003.4 SaltStack Salt versions prior to 3004.1 Description: An issue was discovered in SaltStack Salt where Salt Masters do not sign pillar data with the minion’s public...

PT-2022-15745 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.8 SaltStack Salt versions prior to 3003.4 SaltStack Salt versions prior to 3004.1 Description: An issue was discovered in SaltStack Salt when configured as a Master-of-Masters with a publisher acl. If a...