CVE-2022-22936 — SaltStack Salt Authentication Bypass by Capture-replay

Description

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.

How to fix CVE-2022-22936

To remediate CVE-2022-22936, upgrade the affected package to a fixed version below.

—upgrade to 3002.8 or later
—upgrade to 3002.8 or later

Is CVE-2022-22936 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 3002.8
from 0, < 3002.8

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (14)

ADVISORYgithub.com/advisories/GHSA-5r3f-3m3j-wcj2
ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-22936
ADVISORYsaltproject.io/security_announcements/salt-security-advisory-release/,
PATCHgithub.com/saltstack/salt