Количество 11
Количество 11
CVE-2022-22967
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
CVE-2022-22967
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
CVE-2022-22967
An issue was discovered in SaltStack Salt in versions before 3002.9, 3 ...
SUSE-SU-2022:2304-1
Security update for salt
SUSE-SU-2022:2278-1
Security update for salt
SUSE-SU-2022:2253-1
Security update for salt
SUSE-SU-2022:2178-1
Security update for salt
SUSE-SU-2022:2159-1
Security update for salt
SUSE-SU-2022:2154-1
Security update for salt
GHSA-fpxm-fprw-6hxj
Salt's PAM auth fails to reject locked accounts
BDU:2022-03745
Уязвимость функции PAM auth системы управления конфигурациями и удалённого выполнения операций Salt, позволяющая нарушителю выполнять произвольные команды
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-22967 An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. | CVSS3: 8.8 | 1% Низкий | больше 3 лет назад |
 | CVE-2022-22967 An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. | CVSS3: 8.8 | 1% Низкий | больше 3 лет назад |
| CVE-2022-22967 An issue was discovered in SaltStack Salt in versions before 3002.9, 3 ... | CVSS3: 8.8 | 1% Низкий | больше 3 лет назад |
 | SUSE-SU-2022:2304-1 Security update for salt | 1% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:2278-1 Security update for salt | 1% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:2253-1 Security update for salt | 1% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:2178-1 Security update for salt | 1% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:2159-1 Security update for salt | 1% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:2154-1 Security update for salt | 1% Низкий | больше 3 лет назад | |
| GHSA-fpxm-fprw-6hxj Salt's PAM auth fails to reject locked accounts | CVSS3: 7.5 | 1% Низкий | больше 3 лет назад |
 | BDU:2022-03745 Уязвимость функции PAM auth системы управления конфигурациями и удалённого выполнения операций Salt, позволяющая нарушителю выполнять произвольные команды | CVSS3: 7.5 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу