CVE-2024-38822

Summary

Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.

Affected Software

VendorProductVersion RangeStatus
VMwareSALT3006.x < 3006.12affected
VMwareSALT3007.x < 3007.4affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References