← back
CVE-2022-22934

CVE-2022-22934

EPSS 0.9%
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
Affected products
n/a · SaltStack Salt

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/saltstack/salt/releases%2Chttps://repo.saltproject.io/https://saltproject.io/security_announcements/salt-security-advisory-release/%2Chttps://security.gentoo.org/glsa/202310-22