9 matches found
SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2025:02534-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02534-1 advisory. - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability t...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability...
SUSE-SU-2025:02476-1 Security update 4.3.16 for Multi-Linux Manager Server
This update fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 4.3.16 Important Salt Security Update Added support for SUSE Linux Enterprise 15 SP7 as a client using the Salt Bundle CVE Fixed CVE-2025-23392, CVE-2025-23393, CVE-2024-38824, CVE-2025-22239 CVE-2025-2223...
heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +9 more potentially affected by CVE-2025-22237 via salt (=3007.14.0)
salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...
heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +9 more potentially affected by CVE-2025-22237 via salt (=3007.14.0)
salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...
CVE-2025-22237
creationtimestamp| type| source ---|---|--- 2025-06-13 07:28:25+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lrhvuuzpjx72 2025-06-13 07:33:15+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18276 2025-06-13 07:34:25+00:00| seen|...
CVE-2025-22237 CVE-2025-22237 salt advisory
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...
CVE-2025-22237
CVE-2025-22237 describes an escalation where an attacker with a minion key can abuse Salt’s on-demand pillar via a specially crafted git URL to execute arbitrary commands on the Salt Master with master privileges. The connected Nessus/SUSE advisories state that this issue was mitigated/fixed (as ...
CVE-2025-22237 CVE-2025-22237 salt advisory
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...