Saltstack Salt 3003

6 matches found

CVE
added 2022/06/22 12:0 a.m. | 847 views

CVE-2022-22967

CVE-2022-22967 affects SaltStack Salt prior to 3002.9, 3003.5, and 3004.2. The issue is that PAM authentication fails to reject locked accounts, allowing a previously authorized user with an active or API session to run Salt commands even when the account is locked (including salt-api via PAM eau...

CVSS 8.8 | AI score 8.3 | EPSS 0.01878
CVE
added 2022/03/29 12:0 a.m. | 190 views

CVE-2022-22934

The CVE-2022-22934 issue affects SaltStack Salt versions before 3002.8, 3003.4, or 3004.1, where Salt Masters do not sign pillar data with the minion’s public key, enabling an attacker to substitute arbitrary pillar data. Connected advisories corroborate multiple vulnerability entries for Salt in...

CVSS 8.8 | AI score 8.4 | EPSS 0.00861
CVE
added 2022/03/29 12:0 a.m. | 171 views

CVE-2022-22936

CVE-2022-22936 affects SaltStack Salt before versions 3002.8, 3003.4, and 3004.1. The issue allows replay attacks on job publishes and on file server replies, enabling an attacker to replay old jobs to minions. In certain scenarios, a craftier attacker could gain root access on a minion. Public s...

CVSS 8.8 | AI score 8.4 | EPSS 0.00808
CVE
added 2022/03/29 12:0 a.m. | 154 views

CVE-2022-22941

CVE-2022-22941 affects SaltStack Salt prior to 3002.8, 3003.4, and 3004.1 when configured as a Master‑of‑Masters with a publisher_acl. A Syndic‑connected minion set can be targeted by a user in publisher_acl, and the Master can incorrectly treat no valid targets as valid, allowing that user to pu...

CVSS 8.8 | AI score 8.4 | EPSS 0.01315
CVE
added 2022/03/29 12:0 a.m. | 133 views

CVE-2022-22935

The connected Nessus document for CVE-2022-22935 confirms a concrete vulnerability in SaltStack Salt prior to 3002.8, 3003.4, and 3004.1: a minion authentication denial-of-service that allows a MiTM attacker to impersonate the master and stop a minion process. No patch or remediation details are ...

CVSS 4.3 | AI score 5.7 | EPSS 0.01586
CVE
added 2023/02/17 12:0 a.m. | 65 views

CVE-2021-33226

SaltStack Salt vulnerability CVE-2021-33226 affects v.3003 and earlier. The issue is a Buffer Overflow in salt/salt/modules/status.py (func variable) that could allow arbitrary code execution. Multiple connected sources (Red Hat, SUSE, OSV, NVD, etc.) describe the same flaw and note that the clai...

CVSS 9.8 | AI score 9.7 | EPSS 0.01642