CNNVD-202506-1757 Information

CNNVD ID

CNNVD-202506-1757

Related CVE

CVE-2025-22236

• CNNVD Published: 2025-06-13

Description (Chinese)

Salt是Salt项目的一个自动化、基础设施管理、数据驱动编排和远程执行应用程序。 Salt存在安全漏洞，该漏洞源于事件总线授权绕过，可能导致攻击者执行其他minion上的作业。

Description (English)

Salt is an automation, infrastructure management, data-driven organization and remote implementation application for the Salt project. There was a security loophole in Salt, which stemmed from the authorization of bypasses on the incident bus, which could lead the attackers to perform other minion operations.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Salt

Published

2025-06-13

Last Modified

2026-02-24

References

https://docs.saltproject.io/en/3006/topics/releases/3006.12.html https://docs.saltproject.io/en/3007/topics/releases/3007.4.html

Patch

https://packages.broadcom.com/artifactory/saltproject-generic/