Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2022/04/05 12:0 a.m.49 views

SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - Salt Masters do not sign pillar data with the minion's public key, which can result in attackers substituting arbitrary pillar data. CVE-2022-22934 - Job...

8.8CVSS7.3AI score0.01586EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/04/01 12:0 a.m.43 views

openSUSE 15 Security Update : salt (openSUSE-SU-2022:1059-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1059-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion...

8.8CVSS7.4AI score0.01586EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2022/03/31 12:0 a.m.19 views

openSUSE: Security Advisory for salt (openSUSE-SU-2022:1059-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS6.5AI score0.01586EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/03/31 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2022:1059-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.5AI score0.01586EPSS
Exploits0References2
OSV
OSV
added 2022/03/30 3:33 p.m.10 views

SUSE-SU-2022:1059-1 Security update for salt

This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. bsc1197417 - CVE-2022-22936: Prevent job and fileserver replays bsc1197417 - CVE-2022-22941: Fixed targeting bug,...

8.8CVSS6.2AI score0.01586EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2022/03/30 12:0 a.m.3 views

elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22936 via salt (>=2014.1.10 <=3001.8.0)

salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22936 Source advisory: OSV:GHSA-5R3F-3M3J-WCJ2...

8.8CVSS6.8AI score0.00808EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/03/30 12:0 a.m.25 views

SUSE SLED15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2022:1059-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1059-1 advisory. - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to...

8.8CVSS6.8AI score0.01586EPSS
Exploits0References10
CVE
CVE
added 2022/03/29 12:0 a.m.172 views

CVE-2022-22936

CVE-2022-22936 affects SaltStack Salt before versions 3002.8, 3003.4, and 3004.1. The issue allows replay attacks on job publishes and on file server replies, enabling an attacker to replay old jobs to minions. In certain scenarios, a craftier attacker could gain root access on a minion. Public s...

8.8CVSS8.4AI score0.00808EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/03/29 12:0 a.m.30 views

CVE-2022-22936

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...

8.8AI score0.00808EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2022/03/29 12:0 a.m.39 views

CVE-2022-22936

Removed by vendor...

8.8CVSS7.8AI score0.00808EPSS
Exploits0
Rows per page
Query Builder