CVE-2022-22941 An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1

CVE-2022-22941 An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1

This issue has been fixed in version 3.0.2 and above. The correct behavior is that if a user has a command targeted to any minion, they will receive the command and any other users that are members of the same syndic will receive the command. The issue only occurs when a publisher_acl is configured on the Master-of-Masters, allowing users to bypass permissions, publishing authorized commands to any configured minion. This issue has been fixed in version 3.0.2 and above. An upgrade is required to this version. In order to receive the upgrade, the syndic_maintainer setting must be set to True on all nodes in the cluster. This can be done by running the following commands: $ salt-syndic upgrade --syndic_maintainer True

Issue: A user can publish commands on a Master-of-Masters node but all other users in the cluster ca 't

The issue only occurs when a publisher_acl is configured on the Master-of-Masters, allowing users to bypass permissions, publishing authorized commands to any configured minion. This issue has been fixed in version 3.0.2 and above. An upgrade is required to this version. In order to receive the upgrade, the syndic_maintainer setting must be set to True on all nodes in the cluster. This can be done by running the following commands: $ salt-syndic upgrade --syndic_maintainer True

References:

*http://docs.saltstack.com/en/latest/ref/modules/configuration/master-of-masters.html *https://github.com/SaltySuitcase/SaltStack-Web-Services-API

The purpose of this blog post is to review the best practices for outsourcing SEO services and to provide tips that can help you avoid the most common mistakes companies make when they outsource their SEO strategy. Outsourcing your SEO strategy is a great option for small businesses because it decreases the work involved in maintaining a search engine optimized website, which is critical if your company wants to grow online and keep up with competition. There are many benefits of outsourcing your SEO services including better conversion rates, targeted audience, and avoiding costly clicks that don't convert into sales. One simple way to do this is by using pictures in your campaigns because people respond well to pictures over text only.

How to upgrade to the latest version?

The following commands will upgrade the Salt-syndic to version 3.0.2 and above:
$ sudo salt-syndic upgrade --syndic_maintainer True

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe