
We found results for “”
CVE-2024-38825
Good to know:


Date: June 13, 2025
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Improper Authentication
CWE-287Top Fix

Upgrade Version
Upgrade to version salt - 3006.12;salt - 3007.4;salt - 3006.12;salt - 3007.4;https://github.com/saltstack/salt.git - v3006.12;https://github.com/saltstack/salt.git - v3007.4
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |