90 matches found
CVE-2025-62349 Salt Master authentication protocol downgrade may enable minion impersonation
Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...
CVE-2025-62349
CVE-2025-62349 affects Salt (SaltStack) where the authentication protocol can downgrade to an older request payload format, enabling a malicious minion to impersonate hosts and bypass protections added in response to prior issues. The issue is described as a downgrade weakness in the authenticati...
EUVD-2019-8578
Malware in sbrugna...
EUVD-2013-0037
Malware in sbrugna...
EUVD-2024-1887
Malicious code in bioql PyPI...
EUVD-2024-54685
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-38822
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion. CVE-2024-38822 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2024-22231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directo...
Linux Distros Unpatched Vulnerability : CVE-2023-20897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker...
Linux Distros Unpatched Vulnerability : CVE-2025-22239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arbitrary event injection on Salt Master. The master's minionevent method can be used by an authorized minion to send arbitrary events onto the master's event...
SUSE CVE-2024-38822
Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion...
SUSE CVE-2025-22239
Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by an authorized minion to send arbitrary events onto the master's event bus...
CVE-2024-38822
Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use...
CVE-2025-22239
Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by an authorized minion to send arbitrary events onto the master's event bus. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...
GHSA-C46W-GR7F-JM2P Salt vulnerable to arbitrary event injection
Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by an authorized minion to send arbitrary events onto the master's event bus...
Salt vulnerable to arbitrary event injection
Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by an authorized minion to send arbitrary events onto the master's event bus...
CVE-2025-22239
Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by an authorized minion to send arbitrary events onto the master's event bus...
CVE-2024-38822
Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion...