{"id":"CVE-2022-22934","details":"An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.","aliases":["GHSA-2q4g-wfm6-5fpm","PYSEC-2022-171"],"modified":"2026-04-02T07:47:02.783036Z","published":"2022-03-29T17:15:15.170Z","related":["SUSE-FU-2022:2042-1","SUSE-FU-2022:2135-1","SUSE-RU-2022:1384-1","SUSE-RU-2022:1385-1","SUSE-RU-2022:1389-1","SUSE-RU-2022:1391-1","SUSE-RU-2022:1392-1","SUSE-SU-2022:1049-1","SUSE-SU-2022:1050-1","SUSE-SU-2022:1051-1","SUSE-SU-2022:1057-1","SUSE-SU-2022:1058-1","SUSE-SU-2022:1059-1","SUSE-SU-2022:1060-1","SUSE-SU-2022:1514-1","SUSE-SU-2022:1531-1","SUSE-SU-2022:1536-1","SUSE-SU-2022:1545-1","openSUSE-SU-2022:1059-1","openSUSE-SU-2024:11970-1"],"references":[{"type":"WEB","url":"https://github.com/saltstack/salt/releases%2C"},{"type":"WEB","url":"https://repo.saltproject.io/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-22"},{"type":"ADVISORY","url":"https://saltproject.io/security_announcements/salt-security-advisory-release/%2C"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/saltstack/salt","events":[{"introduced":"998c382f5f2c3b4cbf7d96aa6913ada6993909b3"},{"fixed":"836789a88156bb19fdac3fa00139cd278f92418c"},{"introduced":"6fa95b058b9d999c23dff5eb2ba4127aa2dc8b71"},{"fixed":"99d30f4022cff1582bba0c28fd606897aa8d248a"},{"introduced":"fec6e71228f67d1d7bbf1abe32f98acb392d3697"},{"fixed":"064729c1ed085466cf4863403100461fbe4abd81"}],"database_specific":{"versions":[{"introduced":"3002"},{"fixed":"3002.8"},{"introduced":"3003"},{"fixed":"3003.4"},{"introduced":"3004"},{"fixed":"3004.1"}]}}],"versions":["v3002","v3002.1","v3002.2","v3002.3","v3002.4","v3002.5","v3002.6","v3002.7","v3003","v3003.1","v3003.2","v3003.3","v3003_docs","v3003rc1","v3004","v3004_docs","v3004rc1","v3005","v3005.1","v3005.1-2","v3005.1-3","v3005.1-4","v3005.2","v3005.3","v3005.4","v3005.5","v3005rc1","v3005rc2","v3006.0","v3006.0rc1","v3006.0rc2","v3006.0rc3","v3006.1","v3006.10","v3006.11","v3006.12","v3006.13","v3006.14","v3006.15","v3006.16","v3006.17","v3006.18","v3006.19","v3006.2","v3006.20","v3006.21","v3006.22","v3006.23","v3006.3","v3006.3_docs","v3006.4","v3006.5","v3006.6","v3006.7","v3006.8","v3006.9","v3007.0","v3007.0rc1","v3007.1","v3007.10","v3007.11","v3007.12","v3007.13","v3007.2","v3007.3","v3007.4","v3007.5","v3007.6","v3007.7","v3007.8","v3007.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22934.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}