Lucene search
VmwareCVELIST:CVE-2022-22936HistoryMar 29, 2022 - 12:00 a.m.
CVE-2022-22936
2022-03-2900:00:00
vmware
www.cve.org
5
saltstack salt
replay attacks
unauthorized access
cve-2022-22936
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.
CNA Affected
[
{
"vendor": "n/a",
"product": "SaltStack Salt",
"versions": [
{
"version": "SaltStack Salt prior to 3002.8, 3003.4, 3004.1",
"status": "affected"
}
]
}
]Related
cve
cve
CVE-2022-22936
2022-03-29 17:15:15
prion
prion
Code injection
2022-03-29 17:15:00
alpinelinux
alpinelinux
CVE-2022-22936
2022-03-29 17:15:15
osv
osv
PYSEC-2022-173
2022-03-29 17:15:00
CVE-2022-22936
2022-03-29 17:15:15
SaltStack Salt Authentication Bypass by Capture-replay
2022-03-30 00:00:20
debiancve
debiancve
CVE-2022-22936
2022-03-29 17:15:15
ubuntucve
ubuntucve
CVE-2022-22936
2022-03-29 00:00:00
github
github
SaltStack Salt Authentication Bypass by Capture-replay
2022-03-30 00:00:20
nvd
nvd
CVE-2022-22936
2022-03-29 17:15:15
nessus
nessus
SUSE SLES15 Security Update : salt (SUSE-SU-2022:1060-1)
2022-03-31 00:00:00
SUSE SLES12 Security Update : salt (SUSE-SU-2022:1051-1)
2022-03-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1060-1)
2022-03-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1059-1)
2022-03-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1057-1)
2022-03-31 00:00:00
suse
suse
Security update for salt (important)
2022-03-30 00:00:00
gentoo
gentoo
Salt: Multiple Vulnerabilities
2023-10-31 00:00:00