GHSA-8j9g-c9rp-jvg4

Source
https://github.com/advisories/GHSA-8j9g-c9rp-jvg4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8j9g-c9rp-jvg4/GHSA-8j9g-c9rp-jvg4.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-8j9g-c9rp-jvg4
Aliases
Published
2022-05-14T03:07:28Z
Modified
2024-10-21T21:40:50.662534Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Salt vulnerable to Improper Certificate Validation
Details

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.

Database specific
{
    "nvd_published_at": "2017-08-25T18:29:00Z",
    "cwe_ids": [
        "CWE-295"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-29T11:12:51Z"
}
References

Affected packages

PyPI / salt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2014.7.6

Affected versions

0.*

0.8.7
0.8.9
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.9.1
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.15.3
0.15.90
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0rc1
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5

2014.*

2014.1.0rc1
2014.1.0rc2
2014.1.0rc3
2014.1.0
2014.1.1
2014.1.2
2014.1.3
2014.1.4
2014.1.5
2014.1.6
2014.1.7
2014.1.8
2014.1.9
2014.1.10
2014.1.11
2014.1.12
2014.1.13
2014.7.0rc1
2014.7.0rc2
2014.7.0rc3
2014.7.0rc4
2014.7.0rc5
2014.7.0rc6
2014.7.0rc7
2014.7.0
2014.7.1
2014.7.2
2014.7.3
2014.7.4
2014.7.5