Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

SaltStack 3000 < 3006.12 / 3007 < 3007.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities, including the following: - Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

CVE-2025-22239

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

Salt vulnerable to arbitrary event injection

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

CVE-2025-22239 CVE-2025-22239 salt advisory

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

CVE-2025-22239

CVE-2025-22239 – Salt Master event injection : The Salt Master’s _minion_event method can be abused by an authorized minion to push arbitrary events onto the master's event bus, enabling potential impact on integrity and confidentiality (I, C) with low availability impact. The advisory notes this...

CVE-2025-22239 CVE-2025-22239 salt advisory

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...