CVE-2022-22935
published 2022-03-29

Priority: P4 (14, low)
CVSS 3.1: 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS: 1.59% (72.5th percentile)

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.

Affected

6 ranges
Vendor     Product  Version range       Fixed in
saltstack  salt     >= 0 < 3002.8       3002.8
saltstack  salt     >= 3002 < 3002.8    3002.8
saltstack  salt     >= 3003 < 3003.4    3003.4
saltstack  salt     >= 3003 < 3003.4    3003.4
saltstack  salt     >= 3004 < 3004.1    3004.1
saltstack  salt     >= 3004 < 3004.1    3004.1

CVSS provenance

nvd  v3.1  3.7  LOW     CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd  v2.0  4.3  MEDIUM  AV:N/AC:M/Au:N/C:N/I:N/A:P