Lucene search
Veracode Vulnerability DatabaseVERACODE:36113HistoryJun 24, 2022 - 9:48 a.m.
Authorization Bypass
2022-06-2409:48:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
authorization bypass
pam authentication
locked accounts
EPSS
0.002
Percentile
64.9%
salt is vulnerable to authorization bypass. The vulnerability exists in my_conv function in pam.py because PAM auth doesn’t reject locked accounts which allows an attacker to perform unauthorized actions when the accounts are locked.
References
bugzilla.suse.com/show_bug.cgi?id=CVE-2022-22967
github.com/saltstack/salt/commit/e068a34ccb2e17ae7224f8016a24b727f726d4c8
repo.saltproject.io/
saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/
saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2278-1)
2022-07-07 00:00:00
openSUSE: Security Advisory for salt (SUSE-SU-2022:2178-2)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2304-1)
2022-07-07 00:00:00
nessus
nessus
SUSE SLES12 Security Update : salt (SUSE-SU-2022:2154-1)
2022-06-23 00:00:00
SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2022:2178-1)
2022-06-25 00:00:00
SUSE SLES15 Security Update : salt (SUSE-SU-2022:2253-1)
2022-07-05 00:00:00
cvelist
cvelist
CVE-2022-22967
2022-06-22 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2195
2023-07-18 11:33:56
suse
suse
Security update for salt (important)
2022-06-24 00:00:00
Security update for salt (important)
2022-07-06 00:00:00
Security update for salt (important)
2022-09-01 00:00:00
ubuntucve
ubuntucve
CVE-2022-22967
2022-06-23 00:00:00
osv
osv
PYSEC-2022-210
2022-06-23 17:15:00
CVE-2022-22967
2022-06-23 17:15:12
Salt's PAM auth fails to reject locked accounts
2022-06-25 07:21:19
debiancve
debiancve
CVE-2022-22967
2022-06-23 17:15:12
nvd
nvd
CVE-2022-22967
2022-06-23 17:15:12
huntr
huntr
Improper Authorization
2022-03-05 19:20:04
prion
prion
Design/Logic Flaw
2022-06-23 17:15:00
github
github
Salt's PAM auth fails to reject locked accounts
2022-06-25 07:21:19
cve
cve
CVE-2022-22967
2022-06-23 17:15:12
gentoo
gentoo
Salt: Multiple Vulnerabilities
2023-10-31 00:00:00