CVE-2022-22935 An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1

When a minion stops, it removes all its data. When a Salt Master receives a minion that has stopped, it can receive a denial of service attack from an attacker pretending to be a minion. When a minion stops, it removes all its data from its file system. The Master can then receive data from a MiTM attacker pretending to be a minion. The MiTM attacker can send the Master a malicious configuration from which the Master can be tricked into stopping. When a Salt Master receives a minion that has stopped, it can receive a denial of service attack from an attacker pretending to be a minion. When a minion stops, it removes all its data from its file system. The Master can then receive data from a MiTM attacker pretending to be a minion. The MiTM attacker can send the Master a malicious configuration from which the Master can be tricked into stopping.

Timeline:

Salt Master:
The Salt Master receives a minion that has stopped, it can receive a denial of service attack from an attacker pretending to be a minion.
MiTM attacker:
- The MiTM attacker can send the Master a malicious configuration from which the Master can be tricked into stopping.

Accessing a Salt Master Over the Internet

When a Salt Master receives a minion that has stopped, it can receive a denial of service attack from an attacker pretending to be a minion. When a minion stops, it removes all its data from its file system. The Master can then receive data from a MiTM attacker pretending to be a minion. The MiTM attacker can send the Master a malicious configuration from which the Master can be tricked into stopping.

Overview

The Salt Master is a framework for managing and communicating with remote minions. It manages the communication and data exchange between the Master and minions, giving it a centralized point of control. The Salt Master can be configured to perform various tasks such as receiving minion information from the minions, acting on that information, and sending commands or data back to the minions.
Salt Masters communicate with remote minions through their API. A secure connection is made between the Salt Master and minion on port 8010. To use this connection, both parties must have certificates signed by trusted third-parties (STPs). The salt master needs to trust these STPs because they are responsible for signing all certificates used during communication with the minion. When a minion stops, it removes all its data from its file system. The master can then receive data from a MiTM attacker pretending to be a minion. The MiTM attacker can send the master a malicious configuration from which the master can be tricked into stopping.

Timeline

Published on: 03/29/2022 17:15:00 UTC
Last modified on: 04/06/2022 20:34:00 UTC

References

• https://github.com/saltstack/salt/releases,
• https://repo.saltproject.io/
• https://saltproject.io/security_announcements/salt-security-advisory-release/,
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22935