{"api_version":"1","generated_at":"2026-04-23T08:05:01+00:00","cve":"CVE-2022-22941","urls":{"html":"https://cve.report/CVE-2022-22941","api":"https://cve.report/api/cve/CVE-2022-22941.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-22941","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-22941"},"summary":{"title":"CVE-2022-22941","description":"An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.","state":"PUBLIC","assigner":"security@vmware.com","published_at":"2022-03-29 17:15:00","updated_at":"2023-12-21 18:44:00"},"problem_types":["CWE-732"],"metrics":[],"references":[{"url":"https://github.com/saltstack/salt/releases%2C","name":"https://github.com/saltstack/salt/releases%2C","refsource":"","tags":[],"title":"","mime":"text/plain","httpstatus":"404","archivestatus":"404"},{"url":"https://saltproject.io/security_announcements/salt-security-advisory-release/%2C","name":"https://saltproject.io/security_announcements/salt-security-advisory-release/%2C","refsource":"","tags":[],"title":"Salt Security Advisory Release – Salt Project","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://repo.saltproject.io/","name":"https://repo.saltproject.io/","refsource":"MISC","tags":[],"title":"Salt Project Package Repo","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://saltproject.io/security_announcements/salt-security-advisory-release/,","name":"https://saltproject.io/security_announcements/salt-security-advisory-release/,","refsource":"MISC","tags":[],"title":"Salt Security Advisory Release – Salt Project","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/saltstack/salt/releases,","name":"https://github.com/saltstack/salt/releases,","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"404","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202310-22","name":"GLSA-202310-22","refsource":"GENTOO","tags":[],"title":"Salt: Multiple Vulnerabilities (GLSA 202310-22) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-22941","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22941","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"22941","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"saltstack","cpe5":"salt","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-22941","qid":"502365","title":"Alpine Linux Security Update for salt"},{"cve":"CVE-2022-22941","qid":"710782","title":"Gentoo Linux Salt Multiple Vulnerabilities (GLSA 202310-22)"},{"cve":"CVE-2022-22941","qid":"751945","title":"SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1060-1)"},{"cve":"CVE-2022-22941","qid":"751948","title":"SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1058-1)"},{"cve":"CVE-2022-22941","qid":"751949","title":"SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1057-1)"},{"cve":"CVE-2022-22941","qid":"751953","title":"OpenSUSE Security Update for salt (openSUSE-SU-2022:1059-1)"},{"cve":"CVE-2022-22941","qid":"752018","title":"SUSE Enterprise Linux Security Update for salt (SUSE-SU-2022:1059-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-22941","ASSIGNER":"security@vmware.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"SaltStack Salt","version":{"version_data":[{"version_value":"SaltStack Salt prior to 3002.8, 3003.4, 3004.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Salt Master allows configured users to target any of the minions connected to the syndic with their configured commands"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://saltproject.io/security_announcements/salt-security-advisory-release/,","url":"https://saltproject.io/security_announcements/salt-security-advisory-release/,"},{"refsource":"MISC","name":"https://github.com/saltstack/salt/releases,","url":"https://github.com/saltstack/salt/releases,"},{"refsource":"MISC","name":"https://repo.saltproject.io/","url":"https://repo.saltproject.io/"},{"refsource":"GENTOO","name":"GLSA-202310-22","url":"https://security.gentoo.org/glsa/202310-22"}]},"description":{"description_data":[{"lang":"eng","value":"An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion."}]}},"nvd":{"publishedDate":"2022-03-29 17:15:00","lastModifiedDate":"2023-12-21 18:44:00","problem_types":["CWE-732"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6},"severity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*","versionStartIncluding":"3003","versionEndExcluding":"3003.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*","versionStartIncluding":"3004","versionEndExcluding":"3004.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*","versionStartIncluding":"3002","versionEndExcluding":"3002.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"22941","Ordinal":"225552","Title":"CVE-2022-22941","CVE":"CVE-2022-22941","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"22941","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}