CVE-2022-22935

low-risk
Published 2022-03-29

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10 Low
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Saltstack

References (8)

Broken Link https://github.com/saltstack/salt/releases%2C
Product https://repo.saltproject.io/
Broken Link https://saltproject.io/security_announcements/salt-security-advisory-release/%2C
Third Party Advisory https://security.gentoo.org/glsa/202310-22
Broken Link https://github.com/saltstack/salt/releases%2C
Product https://repo.saltproject.io/
Broken Link https://saltproject.io/security_announcements/salt-security-advisory-release/%2C
Third Party Advisory https://security.gentoo.org/glsa/202310-22
18
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal