Lucene search
GoogleOSV:PYSEC-2022-173HistoryMar 29, 2022 - 5:15 p.m.
PYSEC-2022-173
2022-03-2917:15:00
Google
osv.dev
16
saltstack salt
replay attacks
job publish
file server
root access
EPSS
0.001
Percentile
43.9%
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.
Related
cve
cve
CVE-2022-22936
2022-03-29 17:15:15
prion
prion
Code injection
2022-03-29 17:15:00
alpinelinux
alpinelinux
CVE-2022-22936
2022-03-29 17:15:15
cvelist
cvelist
CVE-2022-22936
2022-03-29 00:00:00
debiancve
debiancve
CVE-2022-22936
2022-03-29 17:15:15
ubuntucve
ubuntucve
CVE-2022-22936
2022-03-29 00:00:00
osv
osv
CVE-2022-22936
2022-03-29 17:15:15
SaltStack Salt Authentication Bypass by Capture-replay
2022-03-30 00:00:20
github
github
SaltStack Salt Authentication Bypass by Capture-replay
2022-03-30 00:00:20
nvd
nvd
CVE-2022-22936
2022-03-29 17:15:15
nessus
nessus
SUSE SLES15 Security Update : salt (SUSE-SU-2022:1060-1)
2022-03-31 00:00:00
SUSE SLES12 Security Update : salt (SUSE-SU-2022:1051-1)
2022-03-31 00:00:00
SUSE SLES15 Security Update : salt (SUSE-SU-2022:1057-1)
2022-03-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1060-1)
2022-03-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1059-1)
2022-03-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1057-1)
2022-03-31 00:00:00
suse
suse
Security update for salt (important)
2022-03-30 00:00:00
gentoo
gentoo
Salt: Multiple Vulnerabilities
2023-10-31 00:00:00