← Back

CVE-2022-22934

nvd nist
Published: Mar 29, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.

Affected (3)

Products: Saltstack: Salt
Saltstack
1 product
Salt
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Saltstack
Salt
From 3002 to 3002.8
Salt
From 3003 to 3003.4
Salt
From 3004 to 3004.1

References (8)

Source: security@vmware.com
Broken Link
Source: security@vmware.com
Product
Source: security@vmware.com
Broken Link
Source: security@vmware.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.