Lucene search
K

11 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.3 views

SUSE CVE-2022-22941

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...

7.5CVSS9.5AI score0.01315EPSS
Exploits0References43
RedhatCVE
RedhatCVE
added 2022/05/21 12:25 a.m.48 views

CVE-2022-22941

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...

8.8CVSS3AI score0.01315EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/04/05 12:0 a.m.49 views

SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - Salt Masters do not sign pillar data with the minion's public key, which can result in attackers substituting arbitrary pillar data. CVE-2022-22934 - Job...

8.8CVSS7.3AI score0.01586EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/04/01 12:0 a.m.42 views

openSUSE 15 Security Update : salt (openSUSE-SU-2022:1059-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1059-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion...

8.8CVSS7.4AI score0.01586EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2022/03/31 12:0 a.m.17 views

openSUSE: Security Advisory for salt (openSUSE-SU-2022:1059-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS6.5AI score0.01586EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/03/31 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2022:1059-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.5AI score0.01586EPSS
Exploits0References2
OSV
OSV
added 2022/03/30 3:33 p.m.10 views

SUSE-SU-2022:1059-1 Security update for salt

This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. bsc1197417 - CVE-2022-22936: Prevent job and fileserver replays bsc1197417 - CVE-2022-22941: Fixed targeting bug,...

8.8CVSS6.2AI score0.01586EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2022/03/30 12:0 a.m.4 views

elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22941 via salt (>=2014.1.10 <=3001.8.0)

salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22941 Source advisory: OSV:GHSA-QCR3-HR2F-6557...

8.8CVSS6.8AI score0.01315EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/03/30 12:0 a.m.25 views

SUSE SLED15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2022:1059-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1059-1 advisory. - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to...

8.8CVSS6.8AI score0.01586EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2022/03/29 5:15 p.m.38 views

CVE-2022-22941

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...

8.8CVSS6.9AI score0.01315EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/03/29 12:0 a.m.37 views

CVE-2022-22941

Removed by vendor...

8.8CVSS7.8AI score0.01315EPSS
Exploits0
Rows per page
Query Builder