CVE-2022-22934

CVE-2022-22934

EPSS 0.9%

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.

Productos afectados

n/a · SaltStack Salt

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/saltstack/salt/releases%2C https://repo.saltproject.io/https://saltproject.io/security_announcements/salt-security-advisory-release/%2C https://security.gentoo.org/glsa/202310-22