Description
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- none
- Availability
- low
- Weaknesses
- CWE-404
Metadata
- Primary Vendor
- SALTSTACK
- Published
- 9/5/2023
- Last Modified
- 2/13/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
saltstack : saltsaltstack : salt
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.