Unauthenticated Arbitrary Pillar Data Substitution in SaltStack Salt
CVE-2022-22934 · HIGH Severity
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
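To triage hosts against the fixed releases listed above, the following added example (not code from the Salt project or from this advisory) compares reported version strings branch by branch. The host names and versions in the inventory are constructed, and treating branches newer than 3004 as already fixed is an assumption.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {3002: 8, 3003: 4, 3004: 1}


def parse_salt_version(text):
    """Return (branch, point) from text such as 'salt 3003.3' or '2019.2.8'."""
    match = re.search(r"(\d+)(?:\.(\d+))?", text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return int(match.group(1)), int(match.group(2) or 0)


def is_affected(version_text):
    """True if the version is before the fixed release for its branch."""
    branch, point = parse_salt_version(version_text)
    if branch in FIXED:
        # Compare as integers: as strings, '3002.10' would sort before '3002.8'.
        return point < FIXED[branch]
    # Branches older than 3002 have no fixed release listed in the advisory.
    # Assumption: branches newer than 3004 already carry the fix.
    return branch < min(FIXED)


def triage(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (host name -> reported version string).
INVENTORY = {
    "master-01": "salt 3002.7",
    "master-02": "salt 3002.10",
    "minion-a": "salt 3003.3",
    "minion-b": "salt 3004",
    "minion-c": "salt 3004.1",
    "legacy-01": "salt 2019.2.8",
}

if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is before the fixed release")
```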