—

PYSEC-2022-172

Details

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / salt

Introduced in: 0 Fixed in: 3002.8

Fix pip install --upgrade 'salt>=3002.8'

References

https://github.com/saltstack/salt/releases, [WEB]
https://repo.saltproject.io/ [WEB]
https://saltproject.io/security_announcements/salt-security-advisory-release/, [ADVISORY]
https://github.com/advisories/GHSA-cvcc-5x92-gmhc [ADVISORY]