Lucene search
K

52 matches found

SUSE Linux
SUSE Linux
added 2025/07/23 12:44 p.m.7 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

9.6CVSS7.6AI score0.00982EPSS
Exploits0References52
SUSE Linux
SUSE Linux
added 2025/07/23 12:43 p.m.5 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

9.6CVSS7.6AI score0.00982EPSS
Exploits0References52
OSV
OSV
added 2025/07/23 12:43 p.m.5 views

SUSE-SU-2025:02491-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...

9.6CVSS7AI score0.00982EPSS
Exploits0References26
SUSE Linux
SUSE Linux
added 2025/07/23 12:41 p.m.8 views

Security update 5.0.5 for Multi-Linux Manager Client Tools

This update fixes the following issues: salt: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability in...

9.6CVSS7.5AI score0.00982EPSS
Exploits0References74
Tenable Nessus
Tenable Nessus
added 2025/06/19 12:0 a.m.5 views

SaltStack 3000 < 3006.12 / 3007 < 3007.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities, including the following: - Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS7.2AI score0.00982EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2025/06/14 2:56 a.m.3 views

SUSE CVE-2025-22236

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0...

8.1CVSS7.1AI score0.00149EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2025/06/14 2:56 a.m.5 views

SUSE CVE-2025-22239

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

8.1CVSS7.5AI score0.00159EPSS
Exploits0References23
RedhatCVE
RedhatCVE
added 2025/06/13 6:19 p.m.6 views

CVE-2025-22236

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

8.1CVSS7.9AI score0.00149EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/13 5:34 p.m.7 views

CVE-2025-22239

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

8.1CVSS8.1AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2025/06/13 9:30 a.m.1 views

GHSA-JH7C-XH74-H76F Salt has minion event bus authorization bypass vulnerability

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0...

8.1CVSS7.2AI score0.00149EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/06/13 9:30 a.m.5 views

Salt has minion event bus authorization bypass vulnerability

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0...

8.1CVSS8.1AI score0.00149EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/06/13 7:43 a.m.2 views

Missing Authorization

Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

8.1CVSS7.1AI score0.00149EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/13 7:41 a.m.1 views

Incorrect Permission Assignment for Critical Resource

Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

8.1CVSS7AI score0.00159EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.2 views

CVE-2025-22239

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

8.1CVSS7.7AI score0.00159EPSS
Exploits0References2
NVD
NVD
added 2025/06/13 7:15 a.m.10 views

CVE-2025-22239

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

8.1CVSS0.00159EPSS
Exploits0References2
NVD
NVD
added 2025/06/13 7:15 a.m.9 views

CVE-2025-22236

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0...

8.1CVSS0.00149EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.3 views

CVE-2025-22236

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0...

8.1CVSS7.4AI score0.00149EPSS
Exploits0References2
OSV
OSV
added 2025/06/13 7:15 a.m.6 views

UBUNTU-CVE-2025-22236

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0...

8.1CVSS5.8AI score0.00149EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/13 7:0 a.m.17 views

CVE-2025-22239 CVE-2025-22239 salt advisory

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

8.1CVSS0.00159EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 6:53 a.m.17 views

CVE-2025-22236 CVE-2025-22236 salt advisory

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0...

8.1CVSS0.00149EPSS
Exploits0References2
Rows per page
Query Builder