MEDIUM 6.2

GHSA-vcf3-26xf-fw4m

Salt Authentication Protocol Version Downgrade Allows Minion Impersonation

Details

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / salt

Introduced in: 3006.12 Fixed in: 3006.17

Fix pip install --upgrade 'salt>=3006.17'

PyPI / salt

Introduced in: 3007.4 Fixed in: 3007.9

Fix pip install --upgrade 'salt>=3007.9'

References

https://nvd.nist.gov/vuln/detail/CVE-2025-62349 [ADVISORY]
https://github.com/saltstack/salt/issues/68467 [WEB]
https://github.com/saltstack/salt/commit/3d5708acae16d039a1e2b5529c8e14a0d3255611 [WEB]
https://docs.saltproject.io/en/latest/topics/releases/3006.17.html [WEB]
https://docs.saltproject.io/en/latest/topics/releases/3007.9.html [WEB]
https://github.com/saltstack/salt [PACKAGE]