Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/747925?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/747925?format=api", "purl": "pkg:pypi/salt@3006.5", "type": "pypi", "namespace": "", "name": "salt", "version": "3006.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3006.17", "latest_non_vulnerable_version": "3007.9", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55430?format=api", "vulnerability_id": "VCID-32tp-s4fd-v7h2", "summary": "Path traversal in saltstack\nA specially crafted url can be created which leads to a directory traversal in the salt file server.\nA malicious user can read an arbitrary file from a Salt master’s filesystem.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63519", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.6351", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63512", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22232" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab" }, { "reference_url": "https://saltproject.io/security-announcements/2024-01-31-advisory", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://saltproject.io/security-announcements/2024-01-31-advisory" }, { "reference_url": "https://saltproject.io/security-announcements/2024-01-31-advisory/", "reference_id": "2024-01-31-advisory", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-27T14:41:55Z/" } ], "url": "https://saltproject.io/security-announcements/2024-01-31-advisory/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22232", "reference_id": "CVE-2024-22232", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22232" }, { "reference_url": "https://github.com/advisories/GHSA-2qw3-2wv6-p64x", "reference_id": "GHSA-2qw3-2wv6-p64x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qw3-2wv6-p64x" }, { "reference_url": "https://security.gentoo.org/glsa/202412-09", "reference_id": "GLSA-202412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81946?format=api", "purl": "pkg:pypi/salt@3006.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34yz-hgbf-abee" }, { "vulnerability": "VCID-em78-j177-kffg" }, { "vulnerability": "VCID-fwas-eecc-3bau" }, { "vulnerability": "VCID-fwpy-42pu-8ub3" }, { "vulnerability": "VCID-r4b7-j6au-fucm" }, { "vulnerability": "VCID-sc4b-v7j2-byed" }, { "vulnerability": "VCID-t99c-dqd5-ukfk" }, { "vulnerability": "VCID-yt34-n551-1uau" }, { "vulnerability": "VCID-zeat-rzj9-u3br" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.6" } ], "aliases": [ "CVE-2024-22232", "GHSA-2qw3-2wv6-p64x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32tp-s4fd-v7h2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57465?format=api", "vulnerability_id": "VCID-34yz-hgbf-abee", "summary": "Salt's salt.auth.pki module does not properly authenticate callers\nThe salt.auth.pki module does not properly authenticate callers. The \"password\" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31045", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30977", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31012", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38825" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:00:49Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:00:49Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/5ff18fd0ececdfd083ddce693c3ccef30e44f155", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/5ff18fd0ececdfd083ddce693c3ccef30e44f155" }, { "reference_url": "https://github.com/saltstack/salt/commit/d7cb64e44db5f82fd615373f5dca2eb1fb29bbab", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/d7cb64e44db5f82fd615373f5dca2eb1fb29bbab" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38825", "reference_id": "CVE-2024-38825", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38825" }, { "reference_url": "https://github.com/advisories/GHSA-4j59-vv55-q6h3", "reference_id": "GHSA-4j59-vv55-q6h3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4j59-vv55-q6h3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73744?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73745?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2024-38825", "GHSA-4j59-vv55-q6h3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34yz-hgbf-abee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57468?format=api", "vulnerability_id": "VCID-em78-j177-kffg", "summary": "Salt's on demand pillar functionality vulnerable to arbitrary command injections\nAn attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28947", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28874", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28911", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22237" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:05Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:05Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22237", "reference_id": "CVE-2025-22237", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22237" }, { "reference_url": "https://github.com/advisories/GHSA-fcr4-h6c4-rvvp", "reference_id": "GHSA-fcr4-h6c4-rvvp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fcr4-h6c4-rvvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73744?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73745?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22237", "GHSA-fcr4-h6c4-rvvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-em78-j177-kffg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57481?format=api", "vulnerability_id": "VCID-fwas-eecc-3bau", "summary": "Salt allows arbitrary directory creation or file deletion\nArbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26346", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.2639", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26398", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22240" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:40:39Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:40:39Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22240", "reference_id": "CVE-2025-22240", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22240" }, { "reference_url": "https://github.com/advisories/GHSA-xh32-3m67-qjgf", "reference_id": "GHSA-xh32-3m67-qjgf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xh32-3m67-qjgf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73744?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73745?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22240", "GHSA-xh32-3m67-qjgf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwas-eecc-3bau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57478?format=api", "vulnerability_id": "VCID-fwpy-42pu-8ub3", "summary": "Salt has minion event bus authorization bypass vulnerability\nMinion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34491", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34471", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34507", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22236" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:59:59Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:59:59Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22236", "reference_id": "CVE-2025-22236", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22236" }, { "reference_url": "https://github.com/advisories/GHSA-jh7c-xh74-h76f", "reference_id": "GHSA-jh7c-xh74-h76f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jh7c-xh74-h76f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73744?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73745?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22236", "GHSA-jh7c-xh74-h76f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwpy-42pu-8ub3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55436?format=api", "vulnerability_id": "VCID-qr6n-rx38-6fd2", "summary": "Directory creation by malicious user in saltstack\nSyndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69301", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69311", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69302", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22231" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab" }, { "reference_url": "https://saltproject.io/security-announcements/2024-01-31-advisory", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://saltproject.io/security-announcements/2024-01-31-advisory" }, { "reference_url": "https://saltproject.io/security-announcements/2024-01-31-advisory/", "reference_id": "2024-01-31-advisory", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T14:45:17Z/" } ], "url": "https://saltproject.io/security-announcements/2024-01-31-advisory/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22231", "reference_id": "CVE-2024-22231", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22231" }, { "reference_url": "https://github.com/advisories/GHSA-q27c-j6j9-53w3", "reference_id": "GHSA-q27c-j6j9-53w3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q27c-j6j9-53w3" }, { "reference_url": "https://security.gentoo.org/glsa/202412-09", "reference_id": "GLSA-202412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81946?format=api", "purl": "pkg:pypi/salt@3006.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34yz-hgbf-abee" }, { "vulnerability": "VCID-em78-j177-kffg" }, { "vulnerability": "VCID-fwas-eecc-3bau" }, { "vulnerability": "VCID-fwpy-42pu-8ub3" }, { "vulnerability": "VCID-r4b7-j6au-fucm" }, { "vulnerability": "VCID-sc4b-v7j2-byed" }, { "vulnerability": "VCID-t99c-dqd5-ukfk" }, { "vulnerability": "VCID-yt34-n551-1uau" }, { "vulnerability": "VCID-zeat-rzj9-u3br" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.6" } ], "aliases": [ "CVE-2024-22231", "GHSA-q27c-j6j9-53w3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qr6n-rx38-6fd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57477?format=api", "vulnerability_id": "VCID-r4b7-j6au-fucm", "summary": "Salt's file contents overwrite the VirtKey class\nFile contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33935", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33968", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33953", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22241" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T15:24:21Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T15:24:21Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22241", "reference_id": "CVE-2025-22241", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22241" }, { "reference_url": "https://github.com/advisories/GHSA-7f3f-x5f5-79gw", "reference_id": "GHSA-7f3f-x5f5-79gw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7f3f-x5f5-79gw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73744?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73745?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22241", "GHSA-7f3f-x5f5-79gw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4b7-j6au-fucm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57470?format=api", "vulnerability_id": "VCID-sc4b-v7j2-byed", "summary": "Salt vulnerable to directory traversal attack in minion file cache creation\nDirectory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57317", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57328", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5732", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22238" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:54:45Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:54:45Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/4b30218edf1a979855ea191d72b30c89f4a5a582", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/4b30218edf1a979855ea191d72b30c89f4a5a582" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22238", "reference_id": "CVE-2025-22238", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22238" }, { "reference_url": "https://github.com/advisories/GHSA-r546-h3ff-q585", "reference_id": "GHSA-r546-h3ff-q585", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r546-h3ff-q585" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73744?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73745?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22238", "GHSA-r546-h3ff-q585" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sc4b-v7j2-byed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57475?format=api", "vulnerability_id": "VCID-t99c-dqd5-ukfk", "summary": "Salt vulnerable to directory traversal attack in file receiving method\nDirectory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59699", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59707", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59704", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38824" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:04Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:04Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/c4ad23f0f3132d8d8a88f19fa537dc42cf21b215", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/c4ad23f0f3132d8d8a88f19fa537dc42cf21b215" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38824", "reference_id": "CVE-2024-38824", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38824" }, { "reference_url": "https://github.com/advisories/GHSA-8pcp-r83j-fc92", "reference_id": "GHSA-8pcp-r83j-fc92", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8pcp-r83j-fc92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73744?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73745?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2024-38824", "GHSA-8pcp-r83j-fc92" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t99c-dqd5-ukfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57473?format=api", "vulnerability_id": "VCID-yt34-n551-1uau", "summary": "Salt's worker process vulnerable to denial of service through file read operation\nWorker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53957", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53969", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53961", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22242" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:23:55Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:23:55Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/e39116fb87bf4db9bcb9aade8258c66df87d41fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/e39116fb87bf4db9bcb9aade8258c66df87d41fe" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22242", "reference_id": "CVE-2025-22242", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22242" }, { "reference_url": "https://github.com/advisories/GHSA-989c-m532-p2hv", "reference_id": "GHSA-989c-m532-p2hv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-989c-m532-p2hv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73744?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73745?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22242", "GHSA-989c-m532-p2hv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yt34-n551-1uau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57482?format=api", "vulnerability_id": "VCID-zeat-rzj9-u3br", "summary": "Salt vulnerable to arbitrary event injection\nArbitrary event injection on Salt Master. The master's \"_minion_event\" method can be used by and authorized minion to send arbitrary events onto the master's event bus.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34471", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34507", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34491", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22239" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:50:17Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:50:17Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/41d834bf800d86fc496e4fac2d3875fc2aca7c62", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/41d834bf800d86fc496e4fac2d3875fc2aca7c62" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22239", "reference_id": "CVE-2025-22239", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22239" }, { "reference_url": "https://github.com/advisories/GHSA-c46w-gr7f-jm2p", "reference_id": "GHSA-c46w-gr7f-jm2p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c46w-gr7f-jm2p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73744?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" }, { "vulnerability": "VCID-zudw-npmj-2qe8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73745?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxhr-smeg-k7fj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22239", "GHSA-c46w-gr7f-jm2p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zeat-rzj9-u3br" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49899?format=api", "vulnerability_id": "VCID-zudw-npmj-2qe8", "summary": "Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload\nSalt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62348", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0065", "published_at": "2026-06-05T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00648", "published_at": "2026-06-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00651", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62348" }, { "reference_url": "https://docs.saltproject.io/en/latest/topics/releases/3006.17.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-30T19:30:12Z/" } ], "url": "https://docs.saltproject.io/en/latest/topics/releases/3006.17.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/issues/68469", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/issues/68469" }, { "reference_url": "https://github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62348", "reference_id": "CVE-2025-62348", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62348" }, { "reference_url": "https://github.com/advisories/GHSA-77w2-v593-vxvv", "reference_id": "GHSA-77w2-v593-vxvv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77w2-v593-vxvv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73743?format=api", "purl": "pkg:pypi/salt@3006.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.17" } ], "aliases": [ "CVE-2025-62348", "GHSA-77w2-v593-vxvv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zudw-npmj-2qe8" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.5" }