Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/salt@3007.0
Typepypi
Namespace
Namesalt
Version3007.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3007.9
Latest_non_vulnerable_version3007.9
Affected_by_vulnerabilities
0
url VCID-34yz-hgbf-abee
vulnerability_id VCID-34yz-hgbf-abee
summary 
Salt's salt.auth.pki module does not properly authenticate callers
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38825
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31045
published_at 2026-06-05T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.30977
published_at 2026-06-07T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31012
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38825
1
reference_url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:00:49Z/
url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
2
reference_url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:00:49Z/
url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/commit/5ff18fd0ececdfd083ddce693c3ccef30e44f155
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/5ff18fd0ececdfd083ddce693c3ccef30e44f155
6
reference_url https://github.com/saltstack/salt/commit/d7cb64e44db5f82fd615373f5dca2eb1fb29bbab
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/d7cb64e44db5f82fd615373f5dca2eb1fb29bbab
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38825
reference_id CVE-2024-38825
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38825
8
reference_url https://github.com/advisories/GHSA-4j59-vv55-q6h3
reference_id GHSA-4j59-vv55-q6h3
reference_type
scores
url https://github.com/advisories/GHSA-4j59-vv55-q6h3
fixed_packages
0
url pkg:pypi/salt@3007.4
purl pkg:pypi/salt@3007.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxhr-smeg-k7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4
aliases CVE-2024-38825, GHSA-4j59-vv55-q6h3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-34yz-hgbf-abee
1
url VCID-em78-j177-kffg
vulnerability_id VCID-em78-j177-kffg
summary 
Salt's on demand pillar functionality vulnerable to arbitrary command injections
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22237
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.28947
published_at 2026-06-05T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.28874
published_at 2026-06-07T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.28911
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22237
1
reference_url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:05Z/
url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
2
reference_url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:05Z/
url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22237
reference_id CVE-2025-22237
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22237
7
reference_url https://github.com/advisories/GHSA-fcr4-h6c4-rvvp
reference_id GHSA-fcr4-h6c4-rvvp
reference_type
scores
url https://github.com/advisories/GHSA-fcr4-h6c4-rvvp
fixed_packages
0
url pkg:pypi/salt@3007.4
purl pkg:pypi/salt@3007.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxhr-smeg-k7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4
aliases CVE-2025-22237, GHSA-fcr4-h6c4-rvvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-em78-j177-kffg
2
url VCID-fwas-eecc-3bau
vulnerability_id VCID-fwas-eecc-3bau
summary 
Salt allows arbitrary directory creation or file deletion
Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22240
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26346
published_at 2026-06-07T12:55:00Z
1
value 0.00095
scoring_system epss
scoring_elements 0.2639
published_at 2026-06-06T12:55:00Z
2
value 0.00095
scoring_system epss
scoring_elements 0.26398
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22240
1
reference_url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:40:39Z/
url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
2
reference_url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:40:39Z/
url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22240
reference_id CVE-2025-22240
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22240
7
reference_url https://github.com/advisories/GHSA-xh32-3m67-qjgf
reference_id GHSA-xh32-3m67-qjgf
reference_type
scores
url https://github.com/advisories/GHSA-xh32-3m67-qjgf
fixed_packages
0
url pkg:pypi/salt@3007.4
purl pkg:pypi/salt@3007.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxhr-smeg-k7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4
aliases CVE-2025-22240, GHSA-xh32-3m67-qjgf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwas-eecc-3bau
3
url VCID-fwpy-42pu-8ub3
vulnerability_id VCID-fwpy-42pu-8ub3
summary 
Salt has minion event bus authorization bypass vulnerability
Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22236
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.34491
published_at 2026-06-05T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.34471
published_at 2026-06-07T12:55:00Z
2
value 0.00144
scoring_system epss
scoring_elements 0.34507
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22236
1
reference_url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:59:59Z/
url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
2
reference_url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:59:59Z/
url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22236
reference_id CVE-2025-22236
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22236
6
reference_url https://github.com/advisories/GHSA-jh7c-xh74-h76f
reference_id GHSA-jh7c-xh74-h76f
reference_type
scores
url https://github.com/advisories/GHSA-jh7c-xh74-h76f
fixed_packages
0
url pkg:pypi/salt@3007.4
purl pkg:pypi/salt@3007.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxhr-smeg-k7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4
aliases CVE-2025-22236, GHSA-jh7c-xh74-h76f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwpy-42pu-8ub3
4
url VCID-r4b7-j6au-fucm
vulnerability_id VCID-r4b7-j6au-fucm
summary 
Salt's file contents overwrite the VirtKey class
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22241
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.33935
published_at 2026-06-07T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.33968
published_at 2026-06-06T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.33953
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22241
1
reference_url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T15:24:21Z/
url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
2
reference_url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T15:24:21Z/
url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22241
reference_id CVE-2025-22241
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22241
7
reference_url https://github.com/advisories/GHSA-7f3f-x5f5-79gw
reference_id GHSA-7f3f-x5f5-79gw
reference_type
scores
url https://github.com/advisories/GHSA-7f3f-x5f5-79gw
fixed_packages
0
url pkg:pypi/salt@3007.4
purl pkg:pypi/salt@3007.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxhr-smeg-k7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4
aliases CVE-2025-22241, GHSA-7f3f-x5f5-79gw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4b7-j6au-fucm
5
url VCID-sc4b-v7j2-byed
vulnerability_id VCID-sc4b-v7j2-byed
summary 
Salt vulnerable to directory traversal attack in minion file cache creation
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22238
reference_id
reference_type
scores
0
value 0.00344
scoring_system epss
scoring_elements 0.57317
published_at 2026-06-07T12:55:00Z
1
value 0.00344
scoring_system epss
scoring_elements 0.57328
published_at 2026-06-06T12:55:00Z
2
value 0.00344
scoring_system epss
scoring_elements 0.5732
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22238
1
reference_url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:54:45Z/
url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
2
reference_url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:54:45Z/
url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/commit/4b30218edf1a979855ea191d72b30c89f4a5a582
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/4b30218edf1a979855ea191d72b30c89f4a5a582
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22238
reference_id CVE-2025-22238
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22238
7
reference_url https://github.com/advisories/GHSA-r546-h3ff-q585
reference_id GHSA-r546-h3ff-q585
reference_type
scores
url https://github.com/advisories/GHSA-r546-h3ff-q585
fixed_packages
0
url pkg:pypi/salt@3007.4
purl pkg:pypi/salt@3007.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxhr-smeg-k7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4
aliases CVE-2025-22238, GHSA-r546-h3ff-q585
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sc4b-v7j2-byed
6
url VCID-t99c-dqd5-ukfk
vulnerability_id VCID-t99c-dqd5-ukfk
summary 
Salt vulnerable to directory traversal attack in file receiving method
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38824
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.59699
published_at 2026-06-07T12:55:00Z
1
value 0.00378
scoring_system epss
scoring_elements 0.59707
published_at 2026-06-06T12:55:00Z
2
value 0.00378
scoring_system epss
scoring_elements 0.59704
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38824
1
reference_url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:04Z/
url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
2
reference_url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:04Z/
url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/commit/c4ad23f0f3132d8d8a88f19fa537dc42cf21b215
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/c4ad23f0f3132d8d8a88f19fa537dc42cf21b215
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38824
reference_id CVE-2024-38824
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38824
7
reference_url https://github.com/advisories/GHSA-8pcp-r83j-fc92
reference_id GHSA-8pcp-r83j-fc92
reference_type
scores
url https://github.com/advisories/GHSA-8pcp-r83j-fc92
fixed_packages
0
url pkg:pypi/salt@3007.4
purl pkg:pypi/salt@3007.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxhr-smeg-k7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4
aliases CVE-2024-38824, GHSA-8pcp-r83j-fc92
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t99c-dqd5-ukfk
7
url VCID-yt34-n551-1uau
vulnerability_id VCID-yt34-n551-1uau
summary 
Salt's worker process vulnerable to denial of service through file read operation
Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22242
reference_id
reference_type
scores
0
value 0.00303
scoring_system epss
scoring_elements 0.53957
published_at 2026-06-07T12:55:00Z
1
value 0.00303
scoring_system epss
scoring_elements 0.53969
published_at 2026-06-06T12:55:00Z
2
value 0.00303
scoring_system epss
scoring_elements 0.53961
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22242
1
reference_url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:23:55Z/
url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
2
reference_url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:23:55Z/
url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/commit/e39116fb87bf4db9bcb9aade8258c66df87d41fe
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/e39116fb87bf4db9bcb9aade8258c66df87d41fe
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22242
reference_id CVE-2025-22242
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22242
7
reference_url https://github.com/advisories/GHSA-989c-m532-p2hv
reference_id GHSA-989c-m532-p2hv
reference_type
scores
url https://github.com/advisories/GHSA-989c-m532-p2hv
fixed_packages
0
url pkg:pypi/salt@3007.4
purl pkg:pypi/salt@3007.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxhr-smeg-k7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4
aliases CVE-2025-22242, GHSA-989c-m532-p2hv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yt34-n551-1uau
8
url VCID-zeat-rzj9-u3br
vulnerability_id VCID-zeat-rzj9-u3br
summary 
Salt vulnerable to arbitrary event injection
Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by and authorized minion to send arbitrary events onto the master's event bus.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22239
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.34471
published_at 2026-06-07T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.34507
published_at 2026-06-06T12:55:00Z
2
value 0.00144
scoring_system epss
scoring_elements 0.34491
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22239
1
reference_url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:50:17Z/
url https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
2
reference_url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:50:17Z/
url https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
5
reference_url https://github.com/saltstack/salt/commit/41d834bf800d86fc496e4fac2d3875fc2aca7c62
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/41d834bf800d86fc496e4fac2d3875fc2aca7c62
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22239
reference_id CVE-2025-22239
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22239
7
reference_url https://github.com/advisories/GHSA-c46w-gr7f-jm2p
reference_id GHSA-c46w-gr7f-jm2p
reference_type
scores
url https://github.com/advisories/GHSA-c46w-gr7f-jm2p
fixed_packages
0
url pkg:pypi/salt@3007.4
purl pkg:pypi/salt@3007.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxhr-smeg-k7fj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4
aliases CVE-2025-22239, GHSA-c46w-gr7f-jm2p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zeat-rzj9-u3br
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.0