[ALPINE:CVE-2022-22941] salt vulnerability
Severity
Medium
Affected Packages
29
Fixed Packages
29
CVEs
1
[From CVE-2022-22941] An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.
- ID
- ALPINE:CVE-2022-22941
- Severity
- medium
- URL
- https://security.alpinelinux.org/vuln/CVE-2022-22941
- Published
-
2022-03-29T17:15:15
(2 years ago) - Modified
-
2022-03-29T17:15:15
(2 years ago) - Rights
- Alpine Linux Security Team
- Other Advisories
GLSA-202310-22
openSUSE-SU-2022:1059-1
PYSEC-2022-174
SUSE-SU-2022:1049-1| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Fixed | pkg:apk/alpine/salt?arch=x86_64&distro=alpine-edge | alpine |
 salt
|
= 3004.1-r0 | alpine-edge | x86_64 | |
| Affected | pkg:apk/alpine/salt?arch=x86_64&distro=alpine-edge | alpine |
salt
|
< 3004.1-r0 | alpine-edge | x86_64 | |
| Fixed | pkg:apk/alpine/salt?arch=x86_64&distro=alpine-3.18 | alpine |
salt
|
= 3004.1-r0 | alpine-3.18 | x86_64 | |
| Affected | pkg:apk/alpine/salt?arch=x86_64&distro=alpine-3.18 | alpine |
salt
|
< 3004.1-r0 | alpine-3.18 | x86_64 | |
| Fixed | pkg:apk/alpine/salt?arch=x86_64&distro=alpine-3.17 | alpine |
salt
|
= 3004.1-r0 | alpine-3.17 | x86_64 | |
| Affected | pkg:apk/alpine/salt?arch=x86_64&distro=alpine-3.17 | alpine |
salt
|
< 3004.1-r0 | alpine-3.17 | x86_64 | |
| Fixed | pkg:apk/alpine/salt?arch=x86_64&distro=alpine-3.16 | alpine |
salt
|
= 3004.1-r0 | alpine-3.16 | x86_64 | |
| Affected | pkg:apk/alpine/salt?arch=x86_64&distro=alpine-3.16 | alpine |
salt
|
< 3004.1-r0 | alpine-3.16 | x86_64 | |
| Fixed | pkg:apk/alpine/salt?arch=x86&distro=alpine-edge | alpine |
salt
|
= 3004.1-r0 | alpine-edge | x86 | |
| Affected | pkg:apk/alpine/salt?arch=x86&distro=alpine-edge | alpine |
salt
|
< 3004.1-r0 | alpine-edge | x86 | |
| Fixed | pkg:apk/alpine/salt?arch=x86&distro=alpine-3.18 | alpine |
salt
|
= 3004.1-r0 | alpine-3.18 | x86 | |
| Affected | pkg:apk/alpine/salt?arch=x86&distro=alpine-3.18 | alpine |
salt
|
< 3004.1-r0 | alpine-3.18 | x86 | |
| Fixed | pkg:apk/alpine/salt?arch=x86&distro=alpine-3.17 | alpine |
salt
|
= 3004.1-r0 | alpine-3.17 | x86 | |
| Affected | pkg:apk/alpine/salt?arch=x86&distro=alpine-3.17 | alpine |
salt
|
< 3004.1-r0 | alpine-3.17 | x86 | |
| Fixed | pkg:apk/alpine/salt?arch=x86&distro=alpine-3.16 | alpine |
salt
|
= 3004.1-r0 | alpine-3.16 | x86 | |
| Affected | pkg:apk/alpine/salt?arch=x86&distro=alpine-3.16 | alpine |
salt
|
< 3004.1-r0 | alpine-3.16 | x86 | |
| Fixed | pkg:apk/alpine/salt?arch=s390x&distro=alpine-edge | alpine |
salt
|
= 3004.1-r0 | alpine-edge | s390x | |
| Affected | pkg:apk/alpine/salt?arch=s390x&distro=alpine-edge | alpine |
salt
|
< 3004.1-r0 | alpine-edge | s390x | |
| Fixed | pkg:apk/alpine/salt?arch=s390x&distro=alpine-3.18 | alpine |
salt
|
= 3004.1-r0 | alpine-3.18 | s390x | |
| Affected | pkg:apk/alpine/salt?arch=s390x&distro=alpine-3.18 | alpine |
salt
|
< 3004.1-r0 | alpine-3.18 | s390x | |
| Fixed | pkg:apk/alpine/salt?arch=s390x&distro=alpine-3.17 | alpine |
salt
|
= 3004.1-r0 | alpine-3.17 | s390x | |
| Affected | pkg:apk/alpine/salt?arch=s390x&distro=alpine-3.17 | alpine |
salt
|
< 3004.1-r0 | alpine-3.17 | s390x | |
| Fixed | pkg:apk/alpine/salt?arch=s390x&distro=alpine-3.16 | alpine |
salt
|
= 3004.1-r0 | alpine-3.16 | s390x | |
| Affected | pkg:apk/alpine/salt?arch=s390x&distro=alpine-3.16 | alpine |
salt
|
< 3004.1-r0 | alpine-3.16 | s390x | |
| Fixed | pkg:apk/alpine/salt?arch=riscv64&distro=alpine-edge | alpine |
salt
|
= 3004.1-r0 | alpine-edge | riscv64 | |
| Affected | pkg:apk/alpine/salt?arch=riscv64&distro=alpine-edge | alpine |
salt
|
< 3004.1-r0 | alpine-edge | riscv64 | |
| Fixed | pkg:apk/alpine/salt?arch=ppc64le&distro=alpine-edge | alpine |
salt
|
= 3004.1-r0 | alpine-edge | ppc64le | |
| Affected | pkg:apk/alpine/salt?arch=ppc64le&distro=alpine-edge | alpine |
salt
|
< 3004.1-r0 | alpine-edge | ppc64le | |
| Fixed | pkg:apk/alpine/salt?arch=ppc64le&distro=alpine-3.18 | alpine |
salt
|
= 3004.1-r0 | alpine-3.18 | ppc64le | |
| Affected | pkg:apk/alpine/salt?arch=ppc64le&distro=alpine-3.18 | alpine |
salt
|
< 3004.1-r0 | alpine-3.18 | ppc64le | |
| Fixed | pkg:apk/alpine/salt?arch=ppc64le&distro=alpine-3.17 | alpine |
salt
|
= 3004.1-r0 | alpine-3.17 | ppc64le | |
| Affected | pkg:apk/alpine/salt?arch=ppc64le&distro=alpine-3.17 | alpine |
salt
|
< 3004.1-r0 | alpine-3.17 | ppc64le | |
| Fixed | pkg:apk/alpine/salt?arch=ppc64le&distro=alpine-3.16 | alpine |
salt
|
= 3004.1-r0 | alpine-3.16 | ppc64le | |
| Affected | pkg:apk/alpine/salt?arch=ppc64le&distro=alpine-3.16 | alpine |
salt
|
< 3004.1-r0 | alpine-3.16 | ppc64le | |
| Fixed | pkg:apk/alpine/salt?arch=armv7&distro=alpine-edge | alpine |
salt
|
= 3004.1-r0 | alpine-edge | armv7 | |
| Affected | pkg:apk/alpine/salt?arch=armv7&distro=alpine-edge | alpine |
salt
|
< 3004.1-r0 | alpine-edge | armv7 | |
| Fixed | pkg:apk/alpine/salt?arch=armv7&distro=alpine-3.18 | alpine |
salt
|
= 3004.1-r0 | alpine-3.18 | armv7 | |
| Affected | pkg:apk/alpine/salt?arch=armv7&distro=alpine-3.18 | alpine |
salt
|
< 3004.1-r0 | alpine-3.18 | armv7 | |
| Fixed | pkg:apk/alpine/salt?arch=armv7&distro=alpine-3.17 | alpine |
salt
|
= 3004.1-r0 | alpine-3.17 | armv7 | |
| Affected | pkg:apk/alpine/salt?arch=armv7&distro=alpine-3.17 | alpine |
salt
|
< 3004.1-r0 | alpine-3.17 | armv7 | |
| Fixed | pkg:apk/alpine/salt?arch=armv7&distro=alpine-3.16 | alpine |
salt
|
= 3004.1-r0 | alpine-3.16 | armv7 | |
| Affected | pkg:apk/alpine/salt?arch=armv7&distro=alpine-3.16 | alpine |
salt
|
< 3004.1-r0 | alpine-3.16 | armv7 | |
| Fixed | pkg:apk/alpine/salt?arch=armhf&distro=alpine-edge | alpine |
salt
|
= 3004.1-r0 | alpine-edge | armhf | |
| Affected | pkg:apk/alpine/salt?arch=armhf&distro=alpine-edge | alpine |
salt
|
< 3004.1-r0 | alpine-edge | armhf | |
| Fixed | pkg:apk/alpine/salt?arch=armhf&distro=alpine-3.18 | alpine |
salt
|
= 3004.1-r0 | alpine-3.18 | armhf | |
| Affected | pkg:apk/alpine/salt?arch=armhf&distro=alpine-3.18 | alpine |
salt
|
< 3004.1-r0 | alpine-3.18 | armhf | |
| Fixed | pkg:apk/alpine/salt?arch=armhf&distro=alpine-3.17 | alpine |
salt
|
= 3004.1-r0 | alpine-3.17 | armhf | |
| Affected | pkg:apk/alpine/salt?arch=armhf&distro=alpine-3.17 | alpine |
salt
|
< 3004.1-r0 | alpine-3.17 | armhf | |
| Fixed | pkg:apk/alpine/salt?arch=armhf&distro=alpine-3.16 | alpine |
salt
|
= 3004.1-r0 | alpine-3.16 | armhf | |
| Affected | pkg:apk/alpine/salt?arch=armhf&distro=alpine-3.16 | alpine |
salt
|
< 3004.1-r0 | alpine-3.16 | armhf | |
| Fixed | pkg:apk/alpine/salt?arch=aarch64&distro=alpine-edge | alpine |
salt
|
= 3004.1-r0 | alpine-edge | aarch64 | |
| Affected | pkg:apk/alpine/salt?arch=aarch64&distro=alpine-edge | alpine |
salt
|
< 3004.1-r0 | alpine-edge | aarch64 | |
| Fixed | pkg:apk/alpine/salt?arch=aarch64&distro=alpine-3.18 | alpine |
salt
|
= 3004.1-r0 | alpine-3.18 | aarch64 | |
| Affected | pkg:apk/alpine/salt?arch=aarch64&distro=alpine-3.18 | alpine |
salt
|
< 3004.1-r0 | alpine-3.18 | aarch64 | |
| Fixed | pkg:apk/alpine/salt?arch=aarch64&distro=alpine-3.17 | alpine |
salt
|
= 3004.1-r0 | alpine-3.17 | aarch64 | |
| Affected | pkg:apk/alpine/salt?arch=aarch64&distro=alpine-3.17 | alpine |
salt
|
< 3004.1-r0 | alpine-3.17 | aarch64 | |
| Fixed | pkg:apk/alpine/salt?arch=aarch64&distro=alpine-3.16 | alpine |
salt
|
= 3004.1-r0 | alpine-3.16 | aarch64 | |
| Affected | pkg:apk/alpine/salt?arch=aarch64&distro=alpine-3.16 | alpine |
salt
|
< 3004.1-r0 | alpine-3.16 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |