#VU82815 Authentication Bypass by Capture-replay in Salt - CVE-2022-22936


Vulnerability identifier: #VU82815

Vulnerability risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-22936

CWE-ID: CWE-294

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Salt
Web applications / Remote management & hosting panels

Vendor: SaltStack

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper authentication in jobs. A remote attacker can perform a replay attack and force minions to run old jobs.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Salt: 3002 - 3002.7, 3003 - 3003.3, 3004

External links
https://saltproject.io/security_announcements/salt-security-advisory-release/
https://security.gentoo.org/glsa/202310-22

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for Salt
SUSE update for Security Beta update for SUSE Manager Client Tools
SUSE update for Security Beta update for SUSE Manager Salt Bundle
SUSE update for Security Beta update for SUSE Manager Salt Bundle
SUSE update for Security Beta update for SUSE Manager Salt Bundle
SUSE update for Security Beta update for SUSE Manager Salt Bundle
SUSE update for Security Beta update for SUSE Manager Salt Bundle
SUSE update for Security Beta update for SUSE Manager Client Tools
SUSE update for Security Beta update for SUSE Manager Client Tools
SUSE update for Security Beta update for SUSE Manager Client Tools