CVE-2022-22934

saltstack/salt

on github

Published

March 29, 2022

Severity

CVSS v3:

8.8 HIGH

CVSS v2:

5.8 MEDIUM

Description

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.

References

https://github.com/saltstack/salt/releases,
https://repo.saltproject.io/
https://saltproject.io/security_announcements/salt-security-advisory-release/,
https://security.gentoo.org/glsa/202310-22
https://saltproject.io/security_announcements/salt-security-advisory-release/%2C
https://github.com/saltstack/salt/releases%2C

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:saltstack:salt::::::::	3003 (including)	3003.4	*
cpe:2.3:a:saltstack:salt::::::::	3004 (including)	3004.1	*
cpe:2.3:a:saltstack:salt::::::::	3002 (including)	3002.8	*

External Links

NVD - CVE-2022-22934