7 matches found
EUVD-2013-0037
Malware in sbrugna...
GHSA-C46W-GR7F-JM2P Salt vulnerable to arbitrary event injection
Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...
Salt vulnerable to arbitrary event injection
Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...
CVE-2025-22239
Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...
CVE-2025-22239 CVE-2025-22239 salt advisory
Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...
PT-2025-25396 · Unknown +1 · Salt-Master +1
Name of the Vulnerable Software and Affected Versions: Salt Master affected versions not specified Description: The issue arises when the VirtKey class is called upon requesting "on-demand pillar" data. It utilizes un-validated input to create paths to the "pki directory". This functionality is...
PT-2025-25394 · Unknown +1 · Salt-Master +1
Name of the Vulnerable Software and Affected Versions: Salt Master affected versions not specified Description: The issue allows arbitrary event injection on the Salt Master. An authorized minion can use the master's minion event method to send arbitrary events onto the master's event bus...