Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SaltStack Salt 安全漏洞
Vulnerability Description
SaltStack Salt是SaltStack公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt 存在安全漏洞,该漏洞源于当使用 publisher_acl 配置为 Master-of-Masters 时,如果在 publisher_acl 中配置的用户以连接到 Syndic 的任何 Minion 为目标,Salt Master 会错误地将没有有效目标解释为有效,从而允许配置的用户以任何连接的 Minion 为目标使用他们配置的命令发送给 synd
CVSS Information
N/A
Vulnerability Type
N/A