CVE-2022-22934

CVE-2022-22934

EPSS 0.9%

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.

Produtos afetados

n/a · SaltStack Salt

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/saltstack/salt/releases%2C https://repo.saltproject.io/https://saltproject.io/security_announcements/salt-security-advisory-release/%2C https://security.gentoo.org/glsa/202310-22