Saltstack Salt
cpe:2.3:a:n/a:saltstack_salt:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Saltstack Salt (4dbe1587-16bd-56e7-8527-fd0b172be76d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2022-22967 | vulnerable | 2026-06-08 05:40:55.792958 | Details available. An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. Published: 2022-06-22T00:00:00.000Z. Updated: 2025-05-05T16:28:14.931Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-22941 | vulnerable | 2026-06-08 05:40:55.585839 | Details available. An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion. Published: 2022-03-29T00:00:00.000Z. Updated: 2025-05-05T16:28:25.364Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-22936 | vulnerable | 2026-06-08 05:40:55.578368 | Details available. An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be replayed. A sufficiently crafty attacker could gain root access on a minion under certain scenarios. Published: 2022-03-29T00:00:00.000Z. Updated: 2025-05-05T16:28:34.495Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-22935 | vulnerable | 2026-06-08 05:40:55.577982 | Details available. An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can allow a MiTM attacker to force a minion process to stop by impersonating a master. Published: 2022-03-29T00:00:00.000Z. Updated: 2025-05-05T16:28:44.531Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-22934 | vulnerable | 2026-06-08 05:40:55.576660 | Details available. An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data. Published: 2022-03-29T00:00:00.000Z. Updated: 2024-08-03T03:28:42.419Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22004 | vulnerable | 2026-06-08 05:29:59.618644 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-21996 | vulnerable | 2026-06-08 05:29:59.578015 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |