1. CVE-Search
  2. CVE-2022-22934
ID CVE-2022-22934
Summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
References
Vulnerable Configurations
  • cpe:2.3:a:saltstack:salt:3003:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3003:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3003.1:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3003.1:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3003.2:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3003.2:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3003.3:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3003.3:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3004:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3004:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3002:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3002:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3002.1:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3002.1:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3002.2:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3002.2:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3002.3:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3002.3:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3002.4:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3002.4:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3002.5:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3002.5:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3002.6:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3002.6:*:*:*:*:*:*:*
  • cpe:2.3:a:saltstack:salt:3002.7:*:*:*:*:*:*:*
    cpe:2.3:a:saltstack:salt:3002.7:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 21-12-2023 - 18:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:A/AC:L/Au:N/C:P/I:P/A:P
Last major update 21-12-2023 - 18:45
Published 29-03-2022 - 17:15
Last modified 21-12-2023 - 18:45
Back to Top