Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Salt Master authentication protocol downgrade may enable minion impersonation
Vulnerability Description
Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
SaltStack Salt 安全漏洞
Vulnerability Description
SaltStack Salt是SaltStack公司的一套开源的用于管理基础架构的工具。该工具提供配置管理、远程执行等功能。 SaltStack Salt存在安全漏洞,该漏洞源于身份验证降级,可能导致攻击者绕过限制并获得用户权限。
CVSS Information
N/A
Vulnerability Type
N/A