SaltStack Salt prior 3002.9/3003.5/3004.2 PAM Auth improper authorization

A vulnerability was found in SaltStack Salt. It has been classified as critical. This affects some unknown functionality of the component PAM Auth. Upgrading to version 3002.9, 3003.5 or 3004.2 eliminates this vulnerability. The upgrade is hosted for download at saltproject.io.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

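| User | Count |
|---|---|
| 1 | 21 |
| 0 | 19 |

| Field | Count |
|---|---|
| exploit_price_0day | 1 |
| vulnerability_cvss3_meta_tempscore | 1 |
| vulnerability_cvss3_meta_basescore | 1 |
| vulnerability_cvss3_vuldb_tempscore | 1 |
| vulnerability_cvss3_vuldb_basescore | 1 |

| Commit Conf | Count |
|---|---|
| 90% | 29 |
| 50% | 11 |

| Approve Conf | Count |
|---|---|
| 90% | 29 |
| 80% | 11 |
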
| ID | Committed | User | Field | Change | Remarks | Accepted | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 12643147 | 06/23/2022 | VulD... | price_0day | $0-$5k | see exploit price documentation | 06/23/2022 | accepted | 90 |
| 12643146 | 06/23/2022 | VulD... | cvss3_meta_tempscore | 4.4 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12643145 | 06/23/2022 | VulD... | cvss3_meta_basescore | 4.6 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12643144 | 06/23/2022 | VulD... | cvss3_vuldb_tempscore | 4.4 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12643143 | 06/23/2022 | VulD... | cvss3_vuldb_basescore | 4.6 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12643142 | 06/23/2022 | VulD... | cvss2_vuldb_tempscore | 3.5 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12643141 | 06/23/2022 | VulD... | cvss2_vuldb_basescore | 4.0 | see CVSS documentation | 06/23/2022 | accepted | 90 |
| 12643140 | 06/23/2022 | VulD... | cvss3_vuldb_e | X | derived from historical data | 06/23/2022 | accepted | 80 |
| 12643139 | 06/23/2022 | VulD... | cvss3_vuldb_av | A | derived from historical data | 06/23/2022 | accepted | 80 |
| 12643138 | 06/23/2022 | VulD... | cvss2_vuldb_e | ND | derived from historical data | 06/23/2022 | accepted | 80 |
| 12643137 | 06/23/2022 | VulD... | cvss2_vuldb_au | S | derived from historical data | 06/23/2022 | accepted | 80 |
| 12643136 | 06/23/2022 | VulD... | cvss2_vuldb_av | A | derived from historical data | 06/23/2022 | accepted | 80 |
| 12643135 | 06/23/2022 | VulD... | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12643134 | 06/23/2022 | VulD... | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12643133 | 06/23/2022 | VulD... | cvss2_vuldb_ai | P | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12643132 | 06/23/2022 | VulD... | cvss2_vuldb_ii | P | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12643131 | 06/23/2022 | VulD... | cvss2_vuldb_ci | P | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12643130 | 06/23/2022 | VulD... | cvss2_vuldb_ac | H | derived from vuldb v3 vector | 06/23/2022 | accepted | 80 |
| 12643129 | 06/23/2022 | VulD... | date | 1655935200 (06/23/2022) | | 06/23/2022 | accepted | 90 |
| 12643128 | 06/23/2022 | VulD... | cve_nvd_summary | An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. | cve.org | 06/23/2022 | accepted | 90 |

20 more entries are not shown
