An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
References
Link | Resource |
---|---|
https://github.com/saltstack/salt/releases%2C | Broken Link |
https://repo.saltproject.io/ | Product |
https://saltproject.io/security_announcements/salt-security-advisory-release/%2C | Broken Link |
https://security.gentoo.org/glsa/202310-22 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2022-03-29T00:00:00
Updated: 2023-10-31T13:06:27.077569
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-22934
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-29T17:15:15.170
Modified: 2023-12-21T18:45:25.720
Link: CVE-2022-22934
JSON object: View
Redhat Information
No data.
CWE