CVE-2022-22941 - OpenCVE

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Saltstack	Salt

Configuration 1 [-]

OR	cpe:2.3:a:saltstack:salt::::::::
	cpe:2.3:a:saltstack:salt::::::::
	cpe:2.3:a:saltstack:salt::::::::

References

Link	Resource
https://github.com/saltstack/salt/releases%2C	Broken Link
https://repo.saltproject.io/	Product
https://saltproject.io/security_announcements/salt-security-advisory-release/%2C	Broken Link
https://security.gentoo.org/glsa/202310-22	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2022-03-29T00:00:00

Updated: 2023-10-31T13:06:40.983815

Reserved: 2022-01-10T00:00:00

Link: CVE-2022-22941

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-29T17:15:15.327

Modified: 2023-12-21T18:44:31.113

Link: CVE-2022-22941

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7449317-8304-4045-AF72-CF78F207D879", "versionEndExcluding": "3002.8", "versionStartIncluding": "3002", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "318996F4-15C8-4721-BC68-ED3CE42ED5B3", "versionEndExcluding": "3003.4", "versionStartIncluding": "3003", "vulnerable": true}, {"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", "matchCriteriaId": "174C223F-0F76-4725-BA07-E9DE35E4E8AE", "versionEndExcluding": "3004.1", "versionStartIncluding": "3004", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion."}, {"lang": "es", "value": "Se ha detectado un problema en SaltStack Salt en versiones anteriores a 3002.8, 3003.4, 3004.1. Cuando es configurado como \"Master-of-Masters\", con un publisher_acl, si un usuario configurado en el publisher_acl apunta a cualquier minion conectado al Syndic, el Maestro de Salt interpreta incorrectamente que no presenta objetivos v\u00e1lidos, permitiendo a usuarios configurados apuntar a cualquiera de los minions conectados al syndic con sus comandos configurados. Esto requiere un syndic master combinado con publisher_acl configurado en el Master-of-Masters, permitiendo a usuarios especificados en el publisher_acl omitir los permisos, publicando comandos autorizados a cualquier minion configurado"}], "id": "CVE-2022-22941", "lastModified": "2023-12-21T18:44:31.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-29T17:15:15.327", "references": [{"source": "security@vmware.com", "tags": ["Broken Link"], "url": "https://github.com/saltstack/salt/releases%2C"}, {"source": "security@vmware.com", "tags": ["Product"], "url": "https://repo.saltproject.io/"}, {"source": "security@vmware.com", "tags": ["Broken Link"], "url": "https://saltproject.io/security_announcements/salt-security-advisory-release/%2C"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-22"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}