CVE-2022-22934

Summary

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.

Affected Software

VendorProductVersion RangeStatus
n/aSaltStack SaltSaltStack Salt prior to 3002.8, 3003.4, 3004.1affected

Weaknesses

  • Salt Masters do not sign pillar data with the minion’s public key.

ADP Enrichment

CVE Program Container

Additional References

References