CVE-2022-22941

29.03.2022, 17:15

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Affected Products (NVD)

Vendor	Product	Version
saltstack	salt	3002 ≤ 𝑥 < 3002.8
saltstack	salt	3003 ≤ 𝑥 < 3003.4
saltstack	salt	3004 ≤ 𝑥 < 3004.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

salt

bionic	needs-triage
impish	ignored
jammy	needs-triage
kinetic	ignored
lunar	dne
mantic	dne
noble	dne
trusty	needs-triage
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

python3-salt

suse enterprise desktop 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise desktop 15 SP5	3005.1-150500.2.13 fixed
suse enterprise desktop 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise sap 15 SP5	3005.1-150500.2.13 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15 SP5	3005.1-150500.2.13 fixed
suse enterprise server 15 SP6	3006.0-150500.4.29.1 fixed

python3-salt-3004

suse enterprise desktop 15 SP4	150400.6.16 fixed
suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt

suse enterprise desktop 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise desktop 15 SP5	3005.1-150500.2.13 fixed
suse enterprise desktop 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise sap 15 SP5	3005.1-150500.2.13 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15 SP5	3005.1-150500.2.13 fixed
suse enterprise server 15 SP6	3006.0-150500.4.29.1 fixed

salt-3004

suse enterprise desktop 15 SP4	150400.6.16 fixed
suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-api

suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed

salt-api-3004

suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-bash-completion

suse enterprise desktop 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise desktop 15 SP5	3005.1-150500.2.13 fixed
suse enterprise desktop 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise sap 15 SP5	3005.1-150500.2.13 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15 SP5	3005.1-150500.2.13 fixed
suse enterprise server 15 SP6	3006.0-150500.4.29.1 fixed

salt-bash-completion-3004

suse enterprise desktop 15 SP4	150400.6.16 fixed
suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-cloud

suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed

salt-cloud-3004

suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-doc

suse enterprise desktop 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise desktop 15 SP5	3005.1-150500.2.13 fixed
suse enterprise desktop 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise sap 15 SP5	3005.1-150500.2.13 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15 SP5	3005.1-150500.2.13 fixed
suse enterprise server 15 SP6	3006.0-150500.4.29.1 fixed

salt-doc-3004

suse enterprise desktop 15 SP4	150400.6.16 fixed
suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-fish-completion

suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed

salt-fish-completion-3004

suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-master

suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed

salt-master-3004

suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-minion

suse enterprise desktop 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise desktop 15 SP5	3005.1-150500.2.13 fixed
suse enterprise desktop 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise sap 15 SP5	3005.1-150500.2.13 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15 SP5	3005.1-150500.2.13 fixed
suse enterprise server 15 SP6	3006.0-150500.4.29.1 fixed

salt-minion-3004

suse enterprise desktop 15 SP4	150400.6.16 fixed
suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-proxy

suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed

salt-proxy-3004

suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-ssh

suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed

salt-ssh-3004

suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-standalone-formulas-configuration

suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed

salt-standalone-formulas-configuration-3004

suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-syndic

suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed

salt-syndic-3004

suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

salt-transactional-update

suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed

salt-zsh-completion

suse enterprise desktop 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise desktop 15 SP5	3005.1-150500.2.13 fixed
suse enterprise desktop 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise sap 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise sap 15 SP5	3005.1-150500.2.13 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.29.1 fixed
suse enterprise server 15	3002.2-150000.8.41.32.1 fixed
suse enterprise server 15 SP1	3002.2-150100.63.1 fixed
suse enterprise server 15 SP2	3002.2-150200.64.1 fixed
suse enterprise server 15 SP3	3002.2-150300.53.16.1 fixed
suse enterprise server 15 SP5	3005.1-150500.2.13 fixed
suse enterprise server 15 SP6	3006.0-150500.4.29.1 fixed

salt-zsh-completion-3004

suse enterprise desktop 15 SP4	150400.6.16 fixed
suse enterprise sap 15 SP4	150400.6.16 fixed
suse enterprise server 15 SP4	150400.6.16 fixed

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

https://github.com/saltstack/salt/releases%2C

https://repo.saltproject.io/

https://saltproject.io/security_announcements/salt-security-advisory-release/%2C

https://security.gentoo.org/glsa/202310-22

https://github.com/saltstack/salt/releases%2C

https://repo.saltproject.io/

https://saltproject.io/security_announcements/salt-security-advisory-release/%2C

https://security.gentoo.org/glsa/202310-22