Lucene search

5 matches found

CVE
added 2022/06/23 5:15 p.m., 830 views

CVE-2022-22967

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands when their account is locked. This affects both local shell accounts with an activ...

CVSS 8.8 | AI score 8.3 | EPSS 0.00444

CVE
added 2022/03/29 5:15 p.m., 168 views

CVE-2022-22934

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.

CVSS 8.8 | AI score 8.4 | EPSS 0.00087

CVE
added 2022/03/29 5:15 p.m., 153 views

CVE-2022-22936

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A suffici...

CVSS 8.8 | AI score 8.4 | EPSS 0.00077

CVE
added 2022/03/29 5:15 p.m., 137 views

CVE-2022-22941

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...

CVSS 8.8 | AI score 8.4 | EPSS 0.00017

CVE
added 2022/03/29 5:15 p.m., 118 views

CVE-2022-22935

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.

CVSS 4.3 | AI score 5.7 | EPSS 0.00068