MEDIUM 6.2

GHSA-vcf3-26xf-fw4m

Salt Authentication Protocol Version Downgrade Allows Minion Impersonation

상세

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / salt

최초 영향 버전: 3006.12 수정 버전: 3006.17

수정 pip install --upgrade 'salt>=3006.17'

PyPI / salt

최초 영향 버전: 3007.4 수정 버전: 3007.9

수정 pip install --upgrade 'salt>=3007.9'

참고

https://nvd.nist.gov/vuln/detail/CVE-2025-62349 [ADVISORY]
https://github.com/saltstack/salt/issues/68467 [WEB]
https://github.com/saltstack/salt/commit/3d5708acae16d039a1e2b5529c8e14a0d3255611 [WEB]
https://docs.saltproject.io/en/latest/topics/releases/3006.17.html [WEB]
https://docs.saltproject.io/en/latest/topics/releases/3007.9.html [WEB]
https://github.com/saltstack/salt [PACKAGE]