+296
-70
lines changedFilter options
+296
-70
lines changed Original file line number Diff line number Diff line change
@@ -7,6 +7,69 @@ Versions are `MAJOR.PATCH`.
7 7 8 8
# Changelog
9 9 10 +
## 3006.12 (2025-06-12)
11 + 12 + 13 +
### Fixed
14 + 15 +
- CVE-2024-38822
16 +
Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.
17 + 18 +
CVSS 2.7 V:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
19 + 20 +
CVE-2024-38823
21 +
Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.
22 + 23 +
CVSS Score 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
24 + 25 +
CVE-2024-38824
26 +
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
27 + 28 +
CVSS Score 9.6 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
29 + 30 +
CVE-2024-38825
31 +
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.
32 + 33 +
CVSS Score 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
34 + 35 +
CVE-2025-22236
36 +
Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).
37 + 38 +
CVSS 8.1 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
39 + 40 +
CVE-2025-22237
41 +
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.
42 + 43 +
CVSS 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
44 + 45 +
CVE-2025-22238
46 +
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.
47 + 48 +
CVSS 4.2 AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
49 + 50 +
CVE-2025-22239
51 +
Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by and authorized minion to send arbitrary events onto the master's event bus.
52 + 53 +
CVSS 8.1 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
54 + 55 +
CVE-2025-22240
56 +
Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to
57 + 58 +
CVSS 6.3 AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
59 + 60 +
CVE-2025-22241
61 +
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.
62 + 63 +
CVSS 5.6 AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
64 + 65 +
CVE-2025-22242
66 +
Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.
67 + 68 +
CVSS 5.6 AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
69 + 70 +
This release also includes sqlite 3.50.1 to address CVE-2025-29087 [#68033](https://github.com/saltstack/salt/issues/68033)
71 + 72 + 10 73
## 3006.11 (2025-06-02)
11 74 12 75
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
27 27
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
28 28
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
29 29
..
30 -
.TH "SALT-API" "1" "Generated on June 02, 2025 at 21:37:04 UTC." "3006.11" "Salt"
30 +
.TH "SALT-API" "1" "Generated on June 12, 2025 at 16:47:43 UTC." "3006.12" "Salt"
31 31
.SH NAME
32 32
salt-api \- salt-api Command
33 33
.sp
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
27 27
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
28 28
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
29 29
..
30 -
.TH "SALT-CALL" "1" "Generated on June 02, 2025 at 21:37:04 UTC." "3006.11" "Salt"
30 +
.TH "SALT-CALL" "1" "Generated on June 12, 2025 at 16:47:43 UTC." "3006.12" "Salt"
31 31
.SH NAME
32 32
salt-call \- salt-call Documentation
33 33
.SH SYNOPSIS
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
27 27
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
28 28
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
29 29
..
30 -
.TH "SALT-CLOUD" "1" "Generated on June 02, 2025 at 21:37:04 UTC." "3006.11" "Salt"
30 +
.TH "SALT-CLOUD" "1" "Generated on June 12, 2025 at 16:47:43 UTC." "3006.12" "Salt"
31 31
.SH NAME
32 32
salt-cloud \- Salt Cloud Command
33 33
.sp
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
27 27
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
28 28
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
29 29
..
30 -
.TH "SALT-CP" "1" "Generated on June 02, 2025 at 21:37:04 UTC." "3006.11" "Salt"
30 +
.TH "SALT-CP" "1" "Generated on June 12, 2025 at 16:47:43 UTC." "3006.12" "Salt"
31 31
.SH NAME
32 32
salt-cp \- salt-cp Documentation
33 33
.sp
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
27 27
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
28 28
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
29 29
..
30 -
.TH "SALT-KEY" "1" "Generated on June 02, 2025 at 21:37:04 UTC." "3006.11" "Salt"
30 +
.TH "SALT-KEY" "1" "Generated on June 12, 2025 at 16:47:43 UTC." "3006.12" "Salt"
31 31
.SH NAME
32 32
salt-key \- salt-key Documentation
33 33
.SH SYNOPSIS
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
27 27
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
28 28
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
29 29
..
30 -
.TH "SALT-MASTER" "1" "Generated on June 02, 2025 at 21:37:04 UTC." "3006.11" "Salt"
30 +
.TH "SALT-MASTER" "1" "Generated on June 12, 2025 at 16:47:43 UTC." "3006.12" "Salt"
31 31
.SH NAME
32 32
salt-master \- salt-master Documentation
33 33
.sp
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
27 27
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
28 28
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
29 29
..
30 -
.TH "SALT-MINION" "1" "Generated on June 02, 2025 at 21:37:04 UTC." "3006.11" "Salt"
30 +
.TH "SALT-MINION" "1" "Generated on June 12, 2025 at 16:47:43 UTC." "3006.12" "Salt"
31 31
.SH NAME
32 32
salt-minion \- salt-minion Documentation
33 33
.sp
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
27 27
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
28 28
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
29 29
..
30 -
.TH "SALT-PROXY" "1" "Generated on June 02, 2025 at 21:37:04 UTC." "3006.11" "Salt"
30 +
.TH "SALT-PROXY" "1" "Generated on June 12, 2025 at 16:47:43 UTC." "3006.12" "Salt"
31 31
.SH NAME
32 32
salt-proxy \- salt-proxy Documentation
33 33
.sp
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4