Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/salt@3001.7
Typepypi
Namespace
Namesalt
Version3001.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3005.2
Latest_non_vulnerable_version3007.9
Affected_by_vulnerabilities
0
url VCID-3qku-wmk8-5bg1
vulnerability_id VCID-3qku-wmk8-5bg1
summary An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22967
reference_id
reference_type
scores
0
value 0.00504
scoring_system epss
scoring_elements 0.66481
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22967
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/advisories/GHSA-fpxm-fprw-6hxj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fpxm-fprw-6hxj
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-210.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-210.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://repo.saltproject.io
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://repo.saltproject.io
6
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
7
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,
8
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202310-22
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22967
reference_id CVE-2022-22967
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22967
fixed_packages
0
url pkg:pypi/salt@3002.9
purl pkg:pypi/salt@3002.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5s8t-r4qa-yfb7
1
vulnerability VCID-6y9z-4cqf-dbhh
2
vulnerability VCID-anh6-63ah-sfhj
3
vulnerability VCID-dttu-htyd-tkcc
4
vulnerability VCID-r3m9-163d-myff
5
vulnerability VCID-z6gy-m65u-wqgh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.9
1
url pkg:pypi/salt@3003.5
purl pkg:pypi/salt@3003.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.5
2
url pkg:pypi/salt@3004.2
purl pkg:pypi/salt@3004.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.2
aliases CVE-2022-22967, GHSA-fpxm-fprw-6hxj, PYSEC-2022-210
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qku-wmk8-5bg1
1
url VCID-5s8t-r4qa-yfb7
vulnerability_id VCID-5s8t-r4qa-yfb7
summary In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31607
reference_id
reference_type
scores
0
value 0.04548
scoring_system epss
scoring_elements 0.89361
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31607
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/advisories/GHSA-hcjf-rp5h-g5h3
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcjf-rp5h-g5h3
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-56.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-56.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ
14
reference_url https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion
15
reference_url https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
reference_id
reference_type
scores
url https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
16
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202310-22
17
reference_url https://www.debian.org/security/2021/dsa-5011
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5011
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31607
reference_id CVE-2021-31607
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31607
fixed_packages
0
url pkg:pypi/salt@3003rc1
purl pkg:pypi/salt@3003rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-anh6-63ah-sfhj
2
vulnerability VCID-dttu-htyd-tkcc
3
vulnerability VCID-r3m9-163d-myff
4
vulnerability VCID-z6gy-m65u-wqgh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003rc1
aliases CVE-2021-31607, GHSA-hcjf-rp5h-g5h3, PYSEC-2021-56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5s8t-r4qa-yfb7
2
url VCID-6y9z-4cqf-dbhh
vulnerability_id VCID-6y9z-4cqf-dbhh
summary Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-20897
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.35811
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-20897
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-166.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-166.yaml
3
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
5
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security-announcements/2023-08-10-advisory
6
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://saltproject.io/security-announcements/2023-08-10-advisory/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-20897
reference_id CVE-2023-20897
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-20897
8
reference_url https://github.com/advisories/GHSA-vpjg-wmf8-29h9
reference_id GHSA-vpjg-wmf8-29h9
reference_type
scores
url https://github.com/advisories/GHSA-vpjg-wmf8-29h9
9
reference_url https://security.gentoo.org/glsa/202412-09
reference_id GLSA-202412-09
reference_type
scores
url https://security.gentoo.org/glsa/202412-09
fixed_packages
0
url pkg:pypi/salt@3005.2
purl pkg:pypi/salt@3005.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.2
1
url pkg:pypi/salt@3006.2
purl pkg:pypi/salt@3006.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.2
aliases CVE-2023-20897, GHSA-vpjg-wmf8-29h9, PYSEC-2023-166
risk_score 1.3
exploitability 0.5
weighted_severity 2.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6y9z-4cqf-dbhh
3
url VCID-7qmj-yzm7-yfhs
vulnerability_id VCID-7qmj-yzm7-yfhs
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22935
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.21565
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22935
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-172.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-172.yaml
3
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
4
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
5
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L31
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L31
6
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L29
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L29
7
reference_url https://github.com/saltstack/salt/releases,
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases,
8
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
9
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security_announcements/salt-security-advisory-release
10
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/,
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/,
11
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202310-22
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22935
reference_id CVE-2022-22935
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22935
13
reference_url https://github.com/advisories/GHSA-cvcc-5x92-gmhc
reference_id GHSA-cvcc-5x92-gmhc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cvcc-5x92-gmhc
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3qku-wmk8-5bg1
1
vulnerability VCID-5s8t-r4qa-yfb7
2
vulnerability VCID-6y9z-4cqf-dbhh
3
vulnerability VCID-anh6-63ah-sfhj
4
vulnerability VCID-dttu-htyd-tkcc
5
vulnerability VCID-r3m9-163d-myff
6
vulnerability VCID-z6gy-m65u-wqgh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22935, GHSA-cvcc-5x92-gmhc, PYSEC-2022-172
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qmj-yzm7-yfhs
4
url VCID-84t6-tnd4-r3gq
vulnerability_id VCID-84t6-tnd4-r3gq
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22936
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.28645
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22936
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-173.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-173.yaml
3
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
4
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
5
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
6
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
7
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/releases
8
reference_url https://github.com/saltstack/salt/releases,
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases,
9
reference_url https://repo.saltproject.io
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://repo.saltproject.io
10
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
11
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security_announcements/salt-security-advisory-release
12
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/,
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/,
13
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202310-22
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22936
reference_id CVE-2022-22936
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22936
15
reference_url https://github.com/advisories/GHSA-5r3f-3m3j-wcj2
reference_id GHSA-5r3f-3m3j-wcj2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r3f-3m3j-wcj2
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3qku-wmk8-5bg1
1
vulnerability VCID-5s8t-r4qa-yfb7
2
vulnerability VCID-6y9z-4cqf-dbhh
3
vulnerability VCID-anh6-63ah-sfhj
4
vulnerability VCID-dttu-htyd-tkcc
5
vulnerability VCID-r3m9-163d-myff
6
vulnerability VCID-z6gy-m65u-wqgh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22936, GHSA-5r3f-3m3j-wcj2, PYSEC-2022-173
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84t6-tnd4-r3gq
5
url VCID-9cpe-uywb-zfbc
vulnerability_id VCID-9cpe-uywb-zfbc
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22934
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.3065
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22934
1
reference_url https://blog.cloudflare.com/future-proofing-saltstack
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.cloudflare.com/future-proofing-saltstack
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-171.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-171.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/releases
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/releases
6
reference_url https://github.com/saltstack/salt/releases,
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/releases,
7
reference_url https://repo.saltproject.io
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://repo.saltproject.io
8
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
9
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/,
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security_announcements/salt-security-advisory-release/,
10
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202310-22
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22934
reference_id CVE-2022-22934
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22934
12
reference_url https://github.com/advisories/GHSA-2q4g-wfm6-5fpm
reference_id GHSA-2q4g-wfm6-5fpm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2q4g-wfm6-5fpm
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3qku-wmk8-5bg1
1
vulnerability VCID-5s8t-r4qa-yfb7
2
vulnerability VCID-6y9z-4cqf-dbhh
3
vulnerability VCID-anh6-63ah-sfhj
4
vulnerability VCID-dttu-htyd-tkcc
5
vulnerability VCID-r3m9-163d-myff
6
vulnerability VCID-z6gy-m65u-wqgh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22934, GHSA-2q4g-wfm6-5fpm, PYSEC-2022-171
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9cpe-uywb-zfbc
6
url VCID-anh6-63ah-sfhj
vulnerability_id VCID-anh6-63ah-sfhj
summary An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21996
reference_id
reference_type
scores
0
value 0.02263
scoring_system epss
scoring_elements 0.849
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21996
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/advisories/GHSA-pf7h-h2wq-m7pg
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pf7h-h2wq-m7pg
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-318.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-318.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html
6
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
16
reference_url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02
17
reference_url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
18
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202310-22
19
reference_url https://www.debian.org/security/2021/dsa-5011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5011
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21996
reference_id CVE-2021-21996
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21996
fixed_packages
0
url pkg:pypi/salt@3003.3
purl pkg:pypi/salt@3003.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.3
aliases CVE-2021-21996, GHSA-pf7h-h2wq-m7pg, PYSEC-2021-318
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-anh6-63ah-sfhj
7
url VCID-c3tf-kuxu-euaz
vulnerability_id VCID-c3tf-kuxu-euaz
summary CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25315
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.35717
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25315
1
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1182382
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.suse.com/show_bug.cgi?id=1182382
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-891.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-891.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25315
reference_id CVE-2021-25315
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25315
6
reference_url https://github.com/advisories/GHSA-pmj6-9f8c-8g2m
reference_id GHSA-pmj6-9f8c-8g2m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pmj6-9f8c-8g2m
fixed_packages
0
url pkg:pypi/salt@3002.2
purl pkg:pypi/salt@3002.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3qku-wmk8-5bg1
1
vulnerability VCID-49dv-x94w-suda
2
vulnerability VCID-5s8t-r4qa-yfb7
3
vulnerability VCID-6y9z-4cqf-dbhh
4
vulnerability VCID-7qmj-yzm7-yfhs
5
vulnerability VCID-84t6-tnd4-r3gq
6
vulnerability VCID-9cpe-uywb-zfbc
7
vulnerability VCID-anh6-63ah-sfhj
8
vulnerability VCID-bddr-7e3e-gfch
9
vulnerability VCID-dqnw-edrq-hka2
10
vulnerability VCID-dttu-htyd-tkcc
11
vulnerability VCID-eq7b-wcab-rqfq
12
vulnerability VCID-fgrx-cjat-x7dc
13
vulnerability VCID-k7nb-cgu8-tye8
14
vulnerability VCID-kfjs-6e5q-j3aj
15
vulnerability VCID-n3sc-mzk3-n7cg
16
vulnerability VCID-n4vy-d4dh-x7gu
17
vulnerability VCID-r3m9-163d-myff
18
vulnerability VCID-w6j4-qrr2-3qae
19
vulnerability VCID-wvyr-dwg5-cya3
20
vulnerability VCID-z6gy-m65u-wqgh
21
vulnerability VCID-zc1e-1a3m-87c3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.2
aliases CVE-2021-25315, GHSA-pmj6-9f8c-8g2m, PYSEC-2021-891
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3tf-kuxu-euaz
8
url VCID-dttu-htyd-tkcc
vulnerability_id VCID-dttu-htyd-tkcc
summary Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33226
reference_id
reference_type
scores
0
value 0.04007
scoring_system epss
scoring_elements 0.88635
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33226
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/saltstack/salt/blob/master/salt/modules/status.py
reference_id
reference_type
scores
url https://github.com/saltstack/salt/blob/master/salt/modules/status.py
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33226
reference_id CVE-2021-33226
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-33226
fixed_packages
0
url pkg:pypi/salt@3003.1
purl pkg:pypi/salt@3003.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-anh6-63ah-sfhj
2
vulnerability VCID-r3m9-163d-myff
3
vulnerability VCID-z6gy-m65u-wqgh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.1
aliases CVE-2021-33226, PYSEC-2023-47
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dttu-htyd-tkcc
9
url VCID-n4vy-d4dh-x7gu
vulnerability_id VCID-n4vy-d4dh-x7gu
summary An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22941
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03679
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22941
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-174.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-174.yaml
3
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
4
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst#L31
5
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst#L32
6
reference_url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst#L30
7
reference_url https://github.com/saltstack/salt/releases,
reference_id
reference_type
scores
url https://github.com/saltstack/salt/releases,
8
reference_url https://repo.saltproject.io
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://repo.saltproject.io
9
reference_url https://repo.saltproject.io/
reference_id
reference_type
scores
url https://repo.saltproject.io/
10
reference_url https://saltproject.io/security_announcements/salt-security-advisory-release/,
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-release/,
11
reference_url https://security.gentoo.org/glsa/202310-22
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202310-22
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22941
reference_id CVE-2022-22941
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22941
13
reference_url https://github.com/advisories/GHSA-qcr3-hr2f-6557
reference_id GHSA-qcr3-hr2f-6557
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcr3-hr2f-6557
fixed_packages
0
url pkg:pypi/salt@3002.8
purl pkg:pypi/salt@3002.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3qku-wmk8-5bg1
1
vulnerability VCID-5s8t-r4qa-yfb7
2
vulnerability VCID-6y9z-4cqf-dbhh
3
vulnerability VCID-anh6-63ah-sfhj
4
vulnerability VCID-dttu-htyd-tkcc
5
vulnerability VCID-r3m9-163d-myff
6
vulnerability VCID-z6gy-m65u-wqgh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.8
1
url pkg:pypi/salt@3003.4
purl pkg:pypi/salt@3003.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.4
2
url pkg:pypi/salt@3004.1
purl pkg:pypi/salt@3004.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3004.1
aliases CVE-2022-22941, GHSA-qcr3-hr2f-6557, PYSEC-2022-174
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4vy-d4dh-x7gu
10
url VCID-r3m9-163d-myff
vulnerability_id VCID-r3m9-163d-myff
summary Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-20898
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25586
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-20898
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-169.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-169.yaml
3
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL
5
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security-announcements/2023-08-10-advisory
6
reference_url https://saltproject.io/security-announcements/2023-08-10-advisory/
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://saltproject.io/security-announcements/2023-08-10-advisory/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-20898
reference_id CVE-2023-20898
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-20898
8
reference_url https://github.com/advisories/GHSA-qvh6-3j7x-3hq7
reference_id GHSA-qvh6-3j7x-3hq7
reference_type
scores
url https://github.com/advisories/GHSA-qvh6-3j7x-3hq7
9
reference_url https://security.gentoo.org/glsa/202412-09
reference_id GLSA-202412-09
reference_type
scores
url https://security.gentoo.org/glsa/202412-09
fixed_packages
0
url pkg:pypi/salt@3005.2
purl pkg:pypi/salt@3005.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.2
1
url pkg:pypi/salt@3006.2
purl pkg:pypi/salt@3006.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.2
aliases CVE-2023-20898, GHSA-qvh6-3j7x-3hq7, PYSEC-2023-169
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r3m9-163d-myff
11
url VCID-z6gy-m65u-wqgh
vulnerability_id VCID-z6gy-m65u-wqgh
summary An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22004
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33826
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22004
1
reference_url https://github.com/advisories/GHSA-xf37-qcvf-7m57
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xf37-qcvf-7m57
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-346.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-346.yaml
3
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ/
10
reference_url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02
11
reference_url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
reference_id
reference_type
scores
url https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22004
reference_id CVE-2021-22004
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22004
fixed_packages
0
url pkg:pypi/salt@3003.3
purl pkg:pypi/salt@3003.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6y9z-4cqf-dbhh
1
vulnerability VCID-r3m9-163d-myff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3003.3
aliases CVE-2021-22004, GHSA-xf37-qcvf-7m57, PYSEC-2021-346
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6gy-m65u-wqgh
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.7