
853 matches found

UbuntuCve
added 2022/03/29 5:15 p.m. · 25 views

CVE-2022-22936

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...

CVSS 8.8 · AI score 6.9 · EPSS 0.00107
Exploits: 0 · References: 5

OSV
added 2022/03/29 5:15 p.m. · 1 view

UBUNTU-CVE-2022-22936

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...

CVSS 8.8 · AI score 7.3 · EPSS 0.00107
Exploits: 0 · References: 6

CNNVD
added 2022/03/29 12:0 a.m. · 1 view

Saltstack SaltStack Salt authorization issue vulnerability

Saltstack SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions 3002.8, 3003.4, and 3004.1, which originates fr...

CVSS 4.3 · AI score 7.2 · EPSS 0.0007
Exploits: 0 · References: 5

CNNVD
added 2022/03/29 12:0 a.m. · 2 views

SaltStack Salt security vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions 3002.8, 3003.4, and 3004.1, which stems from the vulnerability of t...

CVSS 8.8 · AI score 7.6 · EPSS 0.00107
Exploits: 0 · References: 5

Cvelist
added 2022/03/29 12:0 a.m. · 13 views

CVE-2022-22936

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...

AI score 8.8 · EPSS 0.00107
Exploits: 0 · References: 4

CNNVD
added 2022/03/29 12:0 a.m. · 1 view

SaltStack Salt security vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt that stems from the fact that when configured as Master-of-Masters using...

CVSS 8.8 · AI score 7.6 · EPSS 0.00016
Exploits: 0 · References: 5

Cvelist
added 2022/03/29 12:0 a.m. · 14 views

CVE-2022-22941

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...

AI score 8.8 · EPSS 0.00016
Exploits: 0 · References: 4

AlpineLinux
added 2022/03/29 12:0 a.m. · 57 views

CVE-2022-22936

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...

CVSS 8.8 · AI score 8.7 · EPSS 0.00107
Exploits: 0

CVE
added 2022/03/29 12:0 a.m. · 125 views

CVE-2022-22935

The connected Nessus document for CVE-2022-22935 confirms a concrete vulnerability in SaltStack Salt prior to 3002.8, 3003.4, and 3004.1: a minion authentication denial-of-service that allows a MiTM attacker to impersonate the master and stop a minion process. No patch or remediation details are ...

CVSS 4.3 · AI score 5.7 · EPSS 0.0007
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2022/03/29 12:0 a.m. · 2 views

PT-2022-15743 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.8; SaltStack Salt versions prior to 3003.4; SaltStack Salt versions prior to 3004.1. Description: An issue in SaltStack Salt allows a man-in-the-middle (MiTM) attacker to impersonate a master and cause a minio...

CVSS 9.8 · AI score 7.2 · EPSS 0.94387
Exploits: 15 · References: 120

Positive Technologies
added 2022/03/29 12:0 a.m. · 4 views

PT-2022-15744 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.8; SaltStack Salt versions prior to 3003.4; SaltStack Salt versions prior to 3004.1. Description: An issue was discovered in SaltStack Salt where job publishes and file server replies are susceptible to repl...

CVSS 9.8 · AI score 7.4 · EPSS 0.94387
Exploits: 15 · References: 125

CVE
added 2022/03/29 12:0 a.m. · 144 views

CVE-2022-22941

CVE-2022-22941 affects SaltStack Salt prior to 3002.8, 3003.4, and 3004.1 when configured as a Master‑of‑Masters with a publisher_acl. A Syndic‑connected minion set can be targeted by a user in publisher_acl, and the Master can incorrectly treat no valid targets as valid, allowing that user to pu...

CVSS 8.8 · AI score 8.4 · EPSS 0.00016
Exploits: 0 · References: 4 · Affected Software: 1

AlpineLinux
added 2022/03/29 12:0 a.m. · 55 views

CVE-2022-22935

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master...

CVSS 4.3 · AI score 6.1 · EPSS 0.0007
Exploits: 0

Cvelist
added 2022/03/29 12:0 a.m. · 16 views

CVE-2022-22935

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master...

AI score 6.2 · EPSS 0.0007
Exploits: 0 · References: 4

Debian CVE
added 2022/03/29 12:0 a.m. · 23 views

CVE-2022-22936

Removed by vendor...

CVSS 8.8 · AI score 7.8 · EPSS 0.00107
Exploits: 0

CNNVD
added 2022/03/29 12:0 a.m. · 0 views

SaltStack Salt security vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions 3002.8, 3003.4, and 3004.1, which stems from Salt Masters not signi...

CVSS 8.8 · AI score 7.8 · EPSS 0.0012
Exploits: 0 · References: 5

Cvelist
added 2022/03/29 12:0 a.m. · 15 views

CVE-2022-22934

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...

AI score 8.8 · EPSS 0.0012
Exploits: 0 · References: 4

AlpineLinux
added 2022/03/29 12:0 a.m. · 47 views

CVE-2022-22934

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...

CVSS 8.8 · AI score 8.7 · EPSS 0.0012
Exploits: 0

CVE
added 2022/03/29 12:0 a.m. · 159 views

CVE-2022-22936

CVE-2022-22936 affects SaltStack Salt before versions 3002.8, 3003.4, and 3004.1. The issue allows replay attacks on job publishes and on file server replies, enabling an attacker to replay old jobs to minions. In certain scenarios, a craftier attacker could gain root access on a minion. Public s...

CVSS 8.8 · AI score 8.4 · EPSS 0.00107
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2022/03/29 12:0 a.m. · 177 views

CVE-2022-22934

The CVE-2022-22934 issue affects SaltStack Salt versions before 3002.8, 3003.4, or 3004.1, where Salt Masters do not sign pillar data with the minion’s public key, enabling an attacker to substitute arbitrary pillar data. Connected advisories corroborate multiple vulnerability entries for Salt in...

CVSS 8.8 · AI score 8.4 · EPSS 0.0012
Exploits: 0 · References: 4 · Affected Software: 1