CVE-2022-22934

EPSS 0.09%
Veröffentlicht 29.03.2022 17:15:15
Zuletzt bearbeitet 21.11.2024 06:47:38
Quelle security@vmware.com
Teams Watchlist Login
Unerledigt Login

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Saltstack ≫ Salt Version >= 3002 < 3002.8

Saltstack ≫ Salt Version >= 3003 < 3003.4

Saltstack ≫ Salt Version >= 3004 < 3004.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.27

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P

https://security.gentoo.org/glsa/202310-22

Third Party Advisory

https://github.com/saltstack/salt/releases%2C

Broken Link

https://repo.saltproject.io/

Product

https://saltproject.io/security_announcements/salt-security-advisory-release/%2C

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2022-22934

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22934

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22934

EUVD