Lucene search
+L

124 matches found

susecve
susecve
added 2025/06/14 2:56 a.m.4 views

SUSE CVE-2025-22237

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

6.7CVSS7.1AI score0.00157EPSS
Exploits0References23
snyk
snyk
added 2025/06/13 7:43 a.m.3 views

Improper Certificate Validation

Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

5.6CVSS7.3AI score0.00166EPSS
Exploits0References2
snyk
snyk
added 2025/06/13 7:41 a.m.2 views

Arbitrary Command Injection

Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

8.4CVSS8.1AI score0.00157EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/06/13 7:15 a.m.11 views

CVE-2025-22241

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS7.4AI score0.00166EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/06/13 7:15 a.m.6 views

CVE-2025-22237

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

6.7CVSS7.4AI score0.00157EPSS
Exploits0References2
osv
osv
added 2025/06/13 7:15 a.m.5 views

UBUNTU-CVE-2025-22241

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS5.8AI score0.00166EPSS
Exploits0References4
osv
osv
added 2025/06/13 7:15 a.m.6 views

UBUNTU-CVE-2025-22237

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

6.7CVSS5.9AI score0.00157EPSS
Exploits0References4
ossf
ossf
added 2024/06/25 12:21 p.m.3 views

Malicious code in @now-par-components/sn-par-pillar (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2024/06/25 12:21 p.m.4 views

MAL-2024-3029 Malicious code in @now-par-components/sn-par-pillar (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
susecve
susecve
added 2024/06/04 12:45 p.m.6 views

SUSE CVE-2022-22934

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion's public key, which can result in attackers substituting arbitrary pillar data...

7.5CVSS7.9AI score0.00861EPSS
Exploits0References43
osv
osv
added 2024/02/15 1:41 p.m.5 views

SUSE-SU-2024:0508-1 Security update for salt

This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 Bugs fixed: - Ensur...

7.7CVSS6AI score0.0083EPSS
Exploits0References9
osv
osv
added 2024/02/15 1:41 p.m.6 views

SUSE-SU-2024:0507-1 Security update for salt

This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 Bugs fixed: - Ensur...

7.7CVSS6AI score0.0083EPSS
Exploits0References9
osv
osv
added 2024/01/18 4:12 p.m.5 views

GHSA-4QHP-652W-C22X Unsecured endpoints in the jupyter-lsp server extension

Impact Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root...

7.3CVSS7AI score0.00491EPSS
Exploits0References5
ossf
ossf
added 2023/11/28 12:36 p.m.2 views

Malicious code in pillar-lifi-zap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f6752cdfc26aa682f3cbce0cfb7c709c97f885cbfae33367ffa76e599a041393 The OpenSSF Package Analysis project identified 'pillar-lifi-zap' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
osv
osv
added 2023/11/28 12:36 p.m.4 views

MAL-2023-8620 Malicious code in pillar-lifi-zap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f6752cdfc26aa682f3cbce0cfb7c709c97f885cbfae33367ffa76e599a041393 The OpenSSF Package Analysis project identified 'pillar-lifi-zap' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
github
github
added 2023/09/21 3:30 p.m.6 views

Duplicate Advisory: EVE: SSH as Root Unlockable Without Triggering Measured Boot

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-phcg-h58r-gmcq. This link is maintained to preserve external references. Original Description On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is...

8.8CVSS5.4AI score0.00159EPSS
Exploits0References4Affected Software1
osv
osv
added 2023/09/21 3:30 p.m.5 views

GHSA-F6WP-8J9R-FRRG Duplicate Advisory: EVE: SSH as Root Unlockable Without Triggering Measured Boot

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-phcg-h58r-gmcq. This link is maintained to preserve external references. Original Description On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is...

8.8CVSS5.5AI score0.00159EPSS
Exploits0References3
nvd
nvd
added 2023/09/21 2:15 p.m.26 views

CVE-2023-43633

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions...

8.8CVSS8.7AI score0.00159EPSS
Exploits0References1
nvd
nvd
added 2023/09/21 2:15 p.m.38 views

CVE-2023-43631

On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...

8.8CVSS8.7AI score0.00159EPSS
Exploits0References1
prion
prion
added 2023/09/21 2:15 p.m.22 views

Design/Logic Flaw

On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...

4.3CVSS8.5AI score0.00159EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder