Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2022/04/05 12:0 a.m.49 views

SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - Salt Masters do not sign pillar data with the minion's public key, which can result in attackers substituting arbitrary pillar data. CVE-2022-22934 - Job...

8.8CVSS7.3AI score0.01586EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/04/01 12:0 a.m.43 views

openSUSE 15 Security Update : salt (openSUSE-SU-2022:1059-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1059-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion...

8.8CVSS7.4AI score0.01586EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2022/03/31 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2022:1059-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.5AI score0.01586EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/03/31 12:0 a.m.19 views

openSUSE: Security Advisory for salt (openSUSE-SU-2022:1059-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS6.5AI score0.01586EPSS
Exploits0References2
OSV
OSV
added 2022/03/30 3:33 p.m.10 views

SUSE-SU-2022:1059-1 Security update for salt

This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. bsc1197417 - CVE-2022-22936: Prevent job and fileserver replays bsc1197417 - CVE-2022-22941: Fixed targeting bug,...

8.8CVSS6.2AI score0.01586EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2022/03/30 12:0 a.m.12 views

elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22934 via salt (>=2014.1.10 <=3001.8.0)

salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22934 Source advisory: OSV:GHSA-2Q4G-WFM6-5FPM...

8.8CVSS6.8AI score0.00861EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/03/30 12:0 a.m.25 views

SUSE SLED15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2022:1059-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1059-1 advisory. - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to...

8.8CVSS6.8AI score0.01586EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2022/03/29 5:15 p.m.3 views

elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22934 via salt (>=2014.1.10 <=3001.8.0)

salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22934 Source advisory: OSV:PYSEC-2022-171...

8.8CVSS6.8AI score0.00861EPSS
Exploits0
CVE
CVE
added 2022/03/29 12:0 a.m.192 views

CVE-2022-22934

The CVE-2022-22934 issue affects SaltStack Salt versions before 3002.8, 3003.4, or 3004.1, where Salt Masters do not sign pillar data with the minion’s public key, enabling an attacker to substitute arbitrary pillar data. Connected advisories corroborate multiple vulnerability entries for Salt in...

8.8CVSS8.4AI score0.00861EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2022/03/29 12:0 a.m.50 views

CVE-2022-22934

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...

8.8CVSS8.7AI score0.00861EPSS
Exploits0
Rows per page
Query Builder