Home > Vulnerability Database > CVE-2024-38825

Mend.io Vulnerability Database

CVE-2024-38825

Good to know:

Date: June 13, 2025

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.

Severity Score

6.4

Related Resources (7)

Url: https://docs.saltproject.io/en/3007/topics/releases/3007.4.html

Url: https://github.com/saltstack/salt/commit/5ff18fd0ececdfd083ddce693c3ccef30e44f155

Url: https://github.com/saltstack/salt/commit/d7cb64e44db5f82fd615373f5dca2eb1fb29bbab

Url: https://github.com/saltstack/salt

Url: https://docs.saltproject.io/en/3006/topics/releases/3006.12.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-38825

Url: https://www.mend.io/vulnerability-database/CVE-2024-38825

Severity Score

6.4

Weakness Type (CWE)

Improper Authentication

CWE-287

Top Fix

Upgrade Version

Upgrade to version salt - 3006.12;salt - 3007.4;salt - 3006.12;salt - 3007.4;https://github.com/saltstack/salt.git - v3006.12;https://github.com/saltstack/salt.git - v3007.4

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-38825

Good to know:

Date: June 13, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?