An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.
References
Link | Resource |
---|---|
https://github.com/saltstack/salt/releases%2C | Broken Link |
https://repo.saltproject.io/ | Product |
https://saltproject.io/security_announcements/salt-security-advisory-release/%2C | Broken Link |
https://security.gentoo.org/glsa/202310-22 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2022-03-29T00:00:00
Updated: 2023-10-31T13:06:45.986338
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-22936
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-29T17:15:15.273
Modified: 2023-12-21T18:47:15.553
Link: CVE-2022-22936
JSON object: View
Redhat Information
No data.
CWE