10 matches found
SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - Salt Masters do not sign pillar data with the minion's public key, which can result in attackers substituting arbitrary pillar data. CVE-2022-22934 - Job...
openSUSE 15 Security Update : salt (openSUSE-SU-2022:1059-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1059-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion...
SUSE: Security Advisory (SUSE-SU-2022:1059-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for salt (openSUSE-SU-2022:1059-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2022:1059-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. bsc1197417 - CVE-2022-22936: Prevent job and fileserver replays bsc1197417 - CVE-2022-22941: Fixed targeting bug,...
elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22934 via salt (>=2014.1.10 <=3001.8.0)
salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22934 Source advisory: OSV:GHSA-2Q4G-WFM6-5FPM...
SUSE SLED15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2022:1059-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1059-1 advisory. - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to...
elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22934 via salt (>=2014.1.10 <=3001.8.0)
salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22934 Source advisory: OSV:PYSEC-2022-171...
CVE-2022-22934
The CVE-2022-22934 issue affects SaltStack Salt versions before 3002.8, 3003.4, or 3004.1, where Salt Masters do not sign pillar data with the minion’s public key, enabling an attacker to substitute arbitrary pillar data. Connected advisories corroborate multiple vulnerability entries for Salt in...
CVE-2022-22934
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...