Vulnerability Details CVE-2022-22935
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.5%
CVSS Severity
CVSS v3 Score 3.7
CVSS v2 Score 4.3
References
- https://github.com/saltstack/salt/releases%2C
- https://repo.saltproject.io/
- https://saltproject.io/security_announcements/salt-security-advisory-release/%2C
- https://security.gentoo.org/glsa/202310-22
- https://github.com/saltstack/salt/releases%2C
- https://repo.saltproject.io/
- https://saltproject.io/security_announcements/salt-security-advisory-release/%2C
- https://security.gentoo.org/glsa/202310-22
Products affected by CVE-2022-22935
-
cpe:2.3:a:saltstack:salt:3002
-
cpe:2.3:a:saltstack:salt:3002.1
-
cpe:2.3:a:saltstack:salt:3002.2
-
cpe:2.3:a:saltstack:salt:3002.3
-
cpe:2.3:a:saltstack:salt:3002.4
-
cpe:2.3:a:saltstack:salt:3002.5
-
cpe:2.3:a:saltstack:salt:3002.6
-
cpe:2.3:a:saltstack:salt:3002.7
-
cpe:2.3:a:saltstack:salt:3003
-
cpe:2.3:a:saltstack:salt:3003.1
-
cpe:2.3:a:saltstack:salt:3003.2
-
cpe:2.3:a:saltstack:salt:3003.3
-
cpe:2.3:a:saltstack:salt:3004