Improper Authentication in SaltStack Salt

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...

PT-2021-14842 · Saltstack +1 · Saltstack Salt +1

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3003.3 Description: An issue was discovered that allows a malicious actor to subvert the proper behavior of the minion software. This occurs when the salt minion installer accepts and uses a minion config file...