Описание
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | needs-triage | |
| impish | ignored | end of life |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | DNE |
Показывать по
10
5.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
CVSS3: 8.8
nvd
почти 4 года назад
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
CVSS3: 8.8
debian
почти 4 года назад
An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...
CVSS3: 8.8
github
почти 4 года назад
SaltStack Improper Verification of Cryptographic Signature
5.8 Medium
CVSS2
8.8 High
CVSS3