Headline

GHSA-jh7c-xh74-h76f: Salt has minion event bus authorization bypass vulnerability

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).

14 days ago

ghsa

Open in Source

#vulnerability #auth

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

ghsa: Latest News

GHSA-prpj-rchp-9j5h: OpenBao allows cancellation of root rekey and recovery rekey operations without authentication

13 hours ago

ghsa

GHSA-8f5r-8cmq-7fmq: OpenBao Inserts Sensitive Information into Log File when processing malformed data

13 hours ago

ghsa

GHSA-6f6r-m9pv-67jw: iOS Simulator MCP Command Injection allowed via exec API

13 hours ago

ghsa

GHSA-p7fw-vjjm-2rwp: Incus creates nftables rules that partially bypass security options

14 hours ago

ghsa

GHSA-9q7c-qmhm-jv86: Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks

14 hours ago

ghsa