Lucene search
GoogleOSV:PYSEC-2022-210HistoryJun 23, 2022 - 5:15 p.m.
PYSEC-2022-210
2022-06-2317:15:00
Google
osv.dev
16
saltstack
salt
pam authentication
EPSS
0.002
Percentile
64.9%
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2278-1)
2022-07-07 00:00:00
openSUSE: Security Advisory for salt (SUSE-SU-2022:2178-2)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2304-1)
2022-07-07 00:00:00
nessus
nessus
SUSE SLES12 Security Update : salt (SUSE-SU-2022:2154-1)
2022-06-23 00:00:00
SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2022:2178-1)
2022-06-25 00:00:00
SUSE SLES15 Security Update : salt (SUSE-SU-2022:2253-1)
2022-07-05 00:00:00
cvelist
cvelist
CVE-2022-22967
2022-06-22 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2195
2023-07-18 11:33:56
suse
suse
Security update for salt (important)
2022-06-24 00:00:00
Security update for salt (important)
2022-07-06 00:00:00
Security update for salt (important)
2022-09-01 00:00:00
ubuntucve
ubuntucve
CVE-2022-22967
2022-06-23 00:00:00
debiancve
debiancve
CVE-2022-22967
2022-06-23 17:15:12
nvd
nvd
CVE-2022-22967
2022-06-23 17:15:12
osv
osv
CVE-2022-22967
2022-06-23 17:15:12
Salt's PAM auth fails to reject locked accounts
2022-06-25 07:21:19
veracode
veracode
Authorization Bypass
2022-06-24 09:48:01
huntr
huntr
Improper Authorization
2022-03-05 19:20:04
prion
prion
Design/Logic Flaw
2022-06-23 17:15:00
github
github
Salt's PAM auth fails to reject locked accounts
2022-06-25 07:21:19
cve
cve
CVE-2022-22967
2022-06-23 17:15:12
gentoo
gentoo
Salt: Multiple Vulnerabilities
2023-10-31 00:00:00