CVE-2022-22935
Summary
| CVE | CVE-2022-22935 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-29 17:15:00 UTC |
| Updated | 2023-12-21 18:47:00 UTC |
| Description | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/saltstack/salt/releases%2C | github.com | ||
| Salt Security Advisory Release – Salt Project | saltproject.io | ||
| Salt Project Package Repo | MISC | repo.saltproject.io | |
| Salt Security Advisory Release – Salt Project | MISC | saltproject.io | |
| github.com/saltstack/salt/releases, | MISC | github.com | |
| Salt: Multiple Vulnerabilities (GLSA 202310-22) — Gentoo security | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 502365 Alpine Linux Security Update for salt
- 710782 Gentoo Linux Salt Multiple Vulnerabilities (GLSA 202310-22)
- 751945 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1060-1)
- 751948 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1058-1)
- 751949 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1057-1)
- 751953 OpenSUSE Security Update for salt (openSUSE-SU-2022:1059-1)
- 752018 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1059-1)