Home

CVE-2022-22934

Description

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minions public key, which can result in attackers substituting arbitrary pillar data.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.121

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 are affected in VMware SALT *Windows
Vulnerabilities CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 are affected in VMware SALT 3002.5Windows
Vulnerabilities CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 are fixed in Python-salt 3002.8Windows
Vulnerabilities CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 are fixed in Python-salt 3003.4Windows
Vulnerabilities CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 are fixed in Python-salt 3004.1Windows
Vulnerabilities CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 are fixed in Python-salt for linux 3002.8Linux
Vulnerabilities CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 are fixed in Python-salt for linux 3003.4Linux
Vulnerabilities CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 are fixed in Python-salt for linux 3004.1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234