Lucene search
K

5 matches found

OSV
OSV
added 2025/06/13 9:30 a.m.4 views

GHSA-7F3F-X5F5-79GW Salt's file contents overwrite the VirtKey class

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS7.3AI score0.00166EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/06/13 9:30 a.m.8 views

Salt's file contents overwrite the VirtKey class

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS7.3AI score0.00166EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/06/13 7:15 a.m.11 views

CVE-2025-22241

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 7:4 a.m.18 views

CVE-2025-22241 CVE-2025-22241 salt advisory

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS0.00166EPSS
Exploits0References2
CVE
CVE
added 2025/06/13 7:4 a.m.62 views

CVE-2025-22241

CVE-2025-22241 affects Salt's VirtKey class; the vulnerability arises from on-demand pillar data paths derived from unvalidated input to the pki directory, enabling auto-accept of Minion authentication keys via a pre-placed authorization file in the default config. Public disclosures in SUSE/open...

5.6CVSS5.6AI score0.00166EPSS
Exploits0References2
Rows per page
Query Builder