CVE-2022-22935
on github
Published
Severity
CVSS v3:
3.7 LOW
CVSS v2:
4.3 MEDIUM
Description
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.
References
- https://github.com/saltstack/salt/releases,
- https://repo.saltproject.io/
- https://saltproject.io/security_announcements/salt-security-advisory-release/,
- https://security.gentoo.org/glsa/202310-22
- https://saltproject.io/security_announcements/salt-security-advisory-release/%2C
- https://github.com/saltstack/salt/releases%2C
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* | 3003 (including) | 3003.4 | * |
| cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* | 3004 (including) | 3004.1 | * |
| cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* | 3002 (including) | 3002.8 | * |