CVE-2024-38822

CWE-287Improper Authentication4 documents4 sources
Severity
2.7LOW
EPSS
0.3%
top 49.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Salt
Timeline
PublishedJun 13

Description

Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages1 packages

CVEListV5vmware/salt3006.x3006.12+1

🔴Vulnerability Details

3
CVEList
CVE-2024-38822 Salt Advisory2025-06-13
GHSA
GHSA-5m5v-pwj7-rj26: Multiple methods in the salt master skip minion token validation2025-06-13
OSV
CVE-2024-38822: Multiple methods in the salt master skip minion token validation2025-06-13
CVE-2024-38822 (LOW CVSS 2.7) | Multiple methods in the salt master | cvebase.io