Vulnerability Name:

CVE-2022-22967 (CCN-229591)

Assigned: 2022-06-21
Published: 2022-06-21
Updated: 2022-06-30
Summary: An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands while the account remains locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-863
Vulnerability Consequences: Bypass Security
References: Source: MITRE
Type: CNA
CVE-2022-22967

Source: XF
Type: UNKNOWN
salt-cve202222967-sec-bypass(229591)

Source: MISC
Type: Product, Vendor Advisory
https://repo.saltproject.io/

Source: CCN
Type: Salt Web site
Salt Security Advisory Release

Source: MISC
Type: Vendor Advisory
https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/

Vulnerable Configuration: Configuration 1:
  • cpe:/a:saltstack:salt:*:*:*:*:*:*:*:* (Version >= 3004 and < 3004.2)
  • OR cpe:/a:saltstack:salt:*:*:*:*:*:*:*:* (Version >= 3003 and < 3003.5)
  • OR cpe:/a:saltstack:salt:*:*:*:*:*:*:*:* (Version < 3002.9)

  • * Denotes that component is vulnerable
Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:8092 | P | salt-transactional-update-3005.1-150500.2.13 on GA media (Moderate) | 2023-06-20
oval:org.opensuse.security:def:7784 | P | python3-salt-3005.1-150500.2.13 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:118937 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:94040 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:556 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:95397 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:93465 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:3623 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:119242 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:94252 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:95407 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:93619 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:3764 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:119432 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:94461 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:93147 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:118747 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:93826 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:3774 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:119617 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:95253 | P | Security update for salt (Important) | 2022-07-06
oval:org.opensuse.security:def:93307 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:42305 | P | Security update for salt (Important) | 2022-06-24
oval:org.opensuse.security:def:921 | P | Security update for salt (Important) | 2022-06-24
oval:org.opensuse.security:def:42401 | P | Security update for salt (Important) | 2022-06-24
oval:org.opensuse.security:def:1680 | P | Security update for salt (Important) | 2022-06-24
oval:org.opensuse.security:def:1702 | P | Security update for salt (Important) | 2022-06-24
oval:org.opensuse.security:def:43637 | P | Security update for salt (Important) | 2022-06-24