GHSA-fpxm-fprw-6hxj: Salt's PAM auth fails to reject locked accounts

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5 and 3004.2. PAM auth fails to reject locked accounts: a previously authorized user whose account has since been locked can still run Salt commands. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.

Source: GitHub Advisory Database (GitHub Reviewed), CVE-2022-22967
Tags: ghsa, git, auth

Salt’s PAM auth fails to reject locked accounts

High severity GitHub Reviewed Published Jun 25, 2022 • Updated Jun 25, 2022

Affected versions          Patched versions
< 3002.9                   3002.9
>= 3003.0, < 3003.5        3003.5
>= 3004.0, < 3004.2        3004.2
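The two checks an operator wants after reading the ranges above are whether a given master runs an affected release and, until it is patched, which locally locked accounts are still usable through PAM eauth. The following is an added example written for this page, not code from the Salt project. It encodes the advisory's ranges, reads `passwd -S` status lines (field 2 is `L` on shadow-utils systems and `LK` on Red Hat derivatives for a locked password), and intersects the locked set with the usernames granted under `external_auth: pam:` in the master config; the sample status output and eauth user list are constructed, and collecting the real eauth user list from the master config is left to the caller.

```python
"""Audit helper for CVE-2022-22967 / GHSA-fpxm-fprw-6hxj.

Added example, not Salt project code. The sample `passwd -S` output and
the PAM eauth user list at the bottom are constructed for the example.
"""
import re

# Ranges from the advisory: everything below 3002.9, 3003.0-3003.4 and
# 3004.0-3004.1 are affected. First fixed release per branch:
FIXED_IN = {3002: "3002.9", 3003: "3003.5", 3004: "3004.2"}

# Salt release strings look like "3004.1", "3004" or "2019.2.8"; a distro
# suffix such as "3004.1-1" or "3004.1+ds" is ignored.
_VERSION_RE = re.compile(r"^(\d{4})(?:\.(\d+))?(?:\.(\d+))?(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch) for a Salt version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("not a Salt version string: %r" % text)
    return tuple(int(g) if g else 0 for g in m.groups())


def fixed_version(version):
    """First patched release for `version`, or None if it is not affected."""
    major, minor, patch = parse_version(version)
    if major < 3002:
        # Anything older than the 3002 branch falls under "< 3002.9".
        return FIXED_IN[3002]
    fixed = FIXED_IN.get(major)
    if fixed is None:
        # 3005 and later are not in the advisory's affected ranges.
        return None
    return fixed if (major, minor, patch) < parse_version(fixed) else None


def is_affected(version):
    return fixed_version(version) is not None


def locked_accounts(passwd_status):
    """Account names whose `passwd -S` status field is L or LK (locked)."""
    locked = set()
    for line in passwd_status.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] in ("L", "LK"):
            locked.add(fields[0])
    return locked


def exposed_eauth_users(version, pam_eauth_users, passwd_status):
    """Locked accounts that can still run Salt commands via PAM eauth.

    `pam_eauth_users` is the set of usernames granted under
    `external_auth: pam:` in the master config (collected by the caller).
    Returns an empty list when the release is already patched.
    """
    if not is_affected(version):
        return []
    return sorted(set(pam_eauth_users) & locked_accounts(passwd_status))


# Constructed sample data for the example.
SAMPLE_PASSWD_STATUS = """\
alice P 01/10/2022 0 99999 7 -1
bob NP 01/10/2022 0 99999 7 -1
carol L 03/15/2022 0 99999 7 -1
dave LK 04/01/2022 0 99999 7 -1 (Password locked.)
"""
SAMPLE_PAM_EAUTH_USERS = ["alice", "carol", "erin"]

if __name__ == "__main__":
    for v in ("3004.1", "3004.2", "3003.4", "2019.2.8", "3005"):
        fix = fixed_version(v)
        print(v, "-> upgrade to %s" % fix if fix else "-> not affected")
    print("locked accounts still usable via PAM eauth:",
          exposed_eauth_users("3004.1", SAMPLE_PAM_EAUTH_USERS, SAMPLE_PASSWD_STATUS))
```

Note that this only covers the salt-api / PAM eauth case named in the advisory; the second case, a local shell account with an already active session, is not visible from `passwd -S` and is only closed by upgrading and ending the session. After upgrading, the fix can be confirmed on a test master by locking a throwaway account with `passwd -l` and attempting a salt-api login with `eauth=pam` for it, which a patched release rejects.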

Related news

Gentoo Linux Security Advisory 202310-22

Gentoo Linux Security Advisory 202310-22 - Multiple vulnerabilities have been discovered in Salt, the worst of which could result in local privilege escalation. Versions below 3004.2 are affected; 3004.2 and later are unaffected.

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

CVE-2022-22967: Salt Project Package Repo

Same issue as the headline advisory above: PAM auth fails to reject locked accounts in Salt versions before 3002.9, 3003.5 and 3004.2.