27 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-22241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - File contents overwrite the VirtKey class is called when on-demand pillar data is requested and uses un- validated input to create paths to the pki directory. T...
Linux Distros Unpatched Vulnerability : CVE-2022-22934
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion's public key, which ca...
Improper Certificate Validation
Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...
UBUNTU-CVE-2025-22241
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...
SUSE CVE-2022-22934
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion's public key, which can result in attackers substituting arbitrary pillar data...
SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - Salt Masters do not sign pillar data with the minion's public key, which can result in attackers substituting arbitrary pillar data. CVE-2022-22934 - Job...
SUSE SLES15 Security Update : salt (SUSE-SU-2022:1058-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1058-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with th...
SUSE SLES15 Security Update : salt (SUSE-SU-2022:1060-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1060-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with th...
SUSE SLES15 Security Update : salt (SUSE-SU-2022:1057-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1057-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with th...
SUSE-SU-2022:1051-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. bsc1197417 - CVE-2022-22936: Prevent job and fileserver replays bsc1197417 - CVE-2022-22941: Fixed targeting bug,...
SUSE-SU-2022:1059-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. bsc1197417 - CVE-2022-22936: Prevent job and fileserver replays bsc1197417 - CVE-2022-22941: Fixed targeting bug,...
Man-in-the-Middle (MitM)
salt is vulnerable to man in the middle attacks. The vulnerability exists because the salt masters don't sign pillar data with minion's public key which allows a malicious attacker to substitute pillar data and perform unauthorized actions...
Vulnerabilities fixed in Salt
Several vulnerabilities have been fixed in Salt. The vulnerabilities allow a malicious person to perform the following attacks execute: - altering piller data sent by the master to the minion - denial-of-service on a minion process by impersonating a rogue master - resending file server...
CVE-2022-22934
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...
CVE-2022-22934
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...
CVE-2022-22934
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...
PYSEC-2022-171
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...
UBUNTU-CVE-2022-22934
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...
CVE-2022-22934
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...
PYSEC-2022-171
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data...