CVE-2024-38825 (GCVE-0-2024-38825)

Vulnerability from cvelistv5 – Published: 2025-06-13 06:46 – Updated: 2025-06-13 14:01
VLAI
Title
CVE-2024-38825 Salt Advisory
Summary
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.
Severity
6.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
VMware SALT Affected: 3006.x , < 3006.12 (lts)
Affected: 3007.x , < 3007.4 (sts)
Create a notification for this product.
Date Public
2025-06-12 07:33
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38825",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T14:00:49.726753Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T14:01:02.386Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Salt",
          "product": "SALT",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "3006.12",
              "status": "affected",
              "version": "3006.x",
              "versionType": "lts"
            },
            {
              "lessThan": "3007.4",
              "status": "affected",
              "version": "3007.x",
              "versionType": "sts"
            }
          ]
        }
      ],
      "datePublic": "2025-06-12T07:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe salt.auth.pki module does not properly authenticate callers. The \"password\" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "The salt.auth.pki module does not properly authenticate callers. The \"password\" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-13T06:46:12.145Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"
        },
        {
          "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE-2024-38825 Salt Advisory",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2024-38825",
    "datePublished": "2025-06-13T06:46:12.145Z",
    "dateReserved": "2024-06-19T22:32:06.583Z",
    "dateUpdated": "2025-06-13T14:01:02.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-38825",
      "date": "2026-06-10",
      "epss": "0.00123",
      "percentile": "0.31"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-38825\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2025-06-13T07:15:20.717\",\"lastModified\":\"2025-06-16T12:32:18.840\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The salt.auth.pki module does not properly authenticate callers. The \\\"password\\\" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo salt.auth.pki no autentica correctamente a los usuarios que llaman. El campo \\\"contrase\u00f1a\\\" contiene un certificado p\u00fablico que el m\u00f3dulo valida con un certificado de CA. Esto no es autenticaci\u00f3n PKI, ya que el usuario que llama no necesita acceder a la clave privada correspondiente para que se acepte el intento de autenticaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html\",\"source\":\"security@vmware.com\"},{\"url\":\"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html\",\"source\":\"security@vmware.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38825\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-13T14:00:49.726753Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-13T14:00:59.165Z\"}}], \"cna\": {\"title\": \"CVE-2024-38825 Salt Advisory\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"VMware\", \"product\": \"SALT\", \"versions\": [{\"status\": \"affected\", \"version\": \"3006.x\", \"lessThan\": \"3006.12\", \"versionType\": \"lts\"}, {\"status\": \"affected\", \"version\": \"3007.x\", \"lessThan\": \"3007.4\", \"versionType\": \"sts\"}], \"packageName\": \"Salt\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-06-12T07:33:00.000Z\", \"references\": [{\"url\": \"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html\"}, {\"url\": \"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The salt.auth.pki module does not properly authenticate callers. The \\\"password\\\" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe salt.auth.pki module does not properly authenticate callers. The \\\"password\\\" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2025-06-13T06:46:12.145Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-38825\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-13T14:01:02.386Z\", \"dateReserved\": \"2024-06-19T22:32:06.583Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2025-06-13T06:46:12.145Z\", \"assignerShortName\": \"vmware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}