Salt is vulnerable to authorization bypass. The vulnerability exists in the my_conv function in pam.py because PAM auth doesn't reject locked accounts, which allows an attacker to perform unauthorized actions when the accounts are locked.
bugzilla.suse.com/show_bug.cgi?id=CVE-2022-22967
github.com/saltstack/salt/commit/e068a34ccb2e17ae7224f8016a24b727f726d4c8
repo.saltproject.io/
saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/
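
A defender-side check related to the issue above, as an added example that is not part of the advisory or of Salt's own code: it lists accounts that are locked in shadow(5) data yet still named under a PAM external_auth mapping. The shadow lines, the eauth mapping and the function names are constructed; counting a "!" or "*" password prefix or a passed expiry day as "locked" is an assumption of this example.

```python
# Added example: find locked OS accounts that still hold Salt PAM eauth grants.
# All sample data is constructed; nothing here is read from a live system.

def parse_shadow(text):
    """Parse shadow(5)-format lines into {user: (password_field, expire_day)}."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 8 or line.lstrip().startswith("#"):
            continue  # blank, comment or malformed entry: skip rather than guess
        expire = int(fields[7]) if fields[7].isdigit() else None
        accounts[fields[0]] = (fields[1], expire)
    return accounts

def lock_reason(password_field, expire_day, today):
    """Return why an account counts as locked, or None if it is usable."""
    if expire_day is not None and expire_day <= today:
        return "account expired"
    if password_field.startswith(("!", "*")):
        return "password locked"
    return None

def locked_eauth_users(shadow_text, pam_eauth, today):
    """List (user, reason) for locked accounts still named in PAM eauth."""
    accounts = parse_shadow(shadow_text)
    findings = []
    for name in sorted(pam_eauth):
        if name.endswith("%") or name == "*":
            continue  # group and wildcard entries need a membership lookup
        if name in accounts:
            reason = lock_reason(*accounts[name], today)
            if reason:
                findings.append((name, reason))
    return findings

# Constructed shadow entries: bob is password-locked, carol expired on day 19100.
SAMPLE_SHADOW = """\
alice:$6$constructed$hash:19000:0:99999:7:::
bob:!$6$constructed$hash:19000:0:99999:7:::
carol:$6$constructed$hash:19000:0:99999:7::19100:
daemon:*:18000:0:99999:7:::
"""
# Constructed stand-in for the 'pam' section of a master's external_auth.
SAMPLE_EAUTH = {"alice": [".*"], "bob": ["test.*"], "carol": ["@runner"], "admins%": [".*"]}
TODAY = 19200  # days since the epoch, same unit as the shadow expiry field

if __name__ == "__main__":
    for user, reason in locked_eauth_users(SAMPLE_SHADOW, SAMPLE_EAUTH, TODAY):
        print(f"{user}: {reason}, still listed for PAM eauth")
```

Any account this reports is one to remove from external_auth or to confirm is rejected by the patched release.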