Description
SaltStack Salt Improper SSL Certificate Validation
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-35662
- https://www.debian.org/security/2021/dsa-5011
- https://security.gentoo.org/glsa/202310-22
- https://security.gentoo.org/glsa/202103-01
- https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB
- https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L18
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L18
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L18
- https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-75.yaml
Packages

| Package | Affected versions | Fixed version |
|---|---|---|
| salt | < 2015.8.13 | 2015.8.13 |
| salt | >= 2016.3.0, < 2016.11.5 | 2016.11.5 |
| salt | >= 2016.11.7, < 2016.11.10 | 2016.11.10 |
| salt | >= 2017.5.0, < 2017.7.8 | 2017.7.8 |
| salt | >= 2018.2.0, <= 2018.3.5 | None |
| salt | >= 2019.2.0, < 2019.2.8 | 2019.2.8 |
| salt | >= 3000, < 3000.7 | 3000.7 |
| salt | >= 3001, < 3001.5 | 3001.5 |
| salt | >= 3002, < 3002.3 | 3002.3 |
Related vulnerabilities
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
In SaltStack Salt before 3002.5, when authenticating to services using ...
A vulnerability in the SaltStack Salt configuration management and remote execution system, related to errors in the certificate authenticity verification procedure, which allows an attacker to carry out a man-in-the-middle attack