{"api_version":"1","generated_at":"2026-04-23T08:14:58+00:00","cve":"CVE-2022-22936","urls":{"html":"https://cve.report/CVE-2022-22936","api":"https://cve.report/api/cve/CVE-2022-22936.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-22936","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-22936"},"summary":{"title":"CVE-2022-22936","description":"An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.","state":"PUBLIC","assigner":"security@vmware.com","published_at":"2022-03-29 17:15:00","updated_at":"2023-12-21 18:47:00"},"problem_types":["CWE-294"],"metrics":[],"references":[{"url":"https://github.com/saltstack/salt/releases%2C","name":"https://github.com/saltstack/salt/releases%2C","refsource":"","tags":[],"title":"","mime":"text/plain","httpstatus":"404","archivestatus":"404"},{"url":"https://saltproject.io/security_announcements/salt-security-advisory-release/%2C","name":"https://saltproject.io/security_announcements/salt-security-advisory-release/%2C","refsource":"","tags":[],"title":"Salt Security Advisory Release – Salt Project","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://repo.saltproject.io/","name":"https://repo.saltproject.io/","refsource":"MISC","tags":[],"title":"Salt Project Package Repo","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://saltproject.io/security_announcements/salt-security-advisory-release/,","name":"https://saltproject.io/security_announcements/salt-security-advisory-release/,","refsource":"MISC","tags":[],"title":"Salt Security Advisory Release – Salt Project","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/saltstack/salt/releases,","name":"https://github.com/saltstack/salt/releases,","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"404","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202310-22","name":"GLSA-202310-22","refsource":"GENTOO","tags":[],"title":"Salt: Multiple Vulnerabilities (GLSA 202310-22) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-22936","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22936","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"22936","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"saltstack","cpe5":"salt","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-22936","qid":"502365","title":"Alpine Linux Security Update for salt"},{"cve":"CVE-2022-22936","qid":"710782","title":"Gentoo Linux Salt Multiple Vulnerabilities (GLSA 202310-22)"},{"cve":"CVE-2022-22936","qid":"751945","title":"SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1060-1)"},{"cve":"CVE-2022-22936","qid":"751948","title":"SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1058-1)"},{"cve":"CVE-2022-22936","qid":"751949","title":"SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1057-1)"},{"cve":"CVE-2022-22936","qid":"751953","title":"OpenSUSE Security Update for salt (openSUSE-SU-2022:1059-1)"},{"cve":"CVE-2022-22936","qid":"752018","title":"SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1059-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-22936","ASSIGNER":"security@vmware.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"SaltStack Salt","version":{"version_data":[{"version_value":"SaltStack Salt prior to 3002.8, 3003.4, 3004.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Job publishes and file server replies are susceptible to replay attacks."}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://saltproject.io/security_announcements/salt-security-advisory-release/,","url":"https://saltproject.io/security_announcements/salt-security-advisory-release/,"},{"refsource":"MISC","name":"https://github.com/saltstack/salt/releases,","url":"https://github.com/saltstack/salt/releases,"},{"refsource":"MISC","name":"https://repo.saltproject.io/","url":"https://repo.saltproject.io/"},{"refsource":"GENTOO","name":"GLSA-202310-22","url":"https://security.gentoo.org/glsa/202310-22"}]},"description":{"description_data":[{"lang":"eng","value":"An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios."}]}},"nvd":{"publishedDate":"2022-03-29 17:15:00","lastModifiedDate":"2023-12-21 18:47:00","problem_types":["CWE-294"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:M/Au:N/C:P/I:P/A:P","accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":5.4},"severity":"MEDIUM","exploitabilityScore":5.5,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*","versionStartIncluding":"3003","versionEndExcluding":"3003.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*","versionStartIncluding":"3004","versionEndExcluding":"3004.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*","versionStartIncluding":"3002","versionEndExcluding":"3002.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"22936","Ordinal":"225535","Title":"CVE-2022-22936","CVE":"CVE-2022-22936","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"22936","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}