| |
Vulnerability CVE-2022-22934
Published: 2022-03-29
| Description: |
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion??s public key, which can result in attackers substituting arbitrary pillar data. |
Type:
CWE-347 (Improper Verification of Cryptographic Signature)
CVSS2 => (AV:A/AC:L/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5.8/10 |
6.4/10 |
6.5/10 |
| Exploit range |
Attack complexity |
Authentication |
Adjacent network |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://github.com/saltstack/salt/releases ,
https://repo.saltproject.io/
https://saltproject.io/security_announcements/salt-security-advisory-release/ ,
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
