CVE-2022-22935
Description
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Salt minions before versions 3002.8, 3003.4, and 3004.1 can be forced to stop by a MiTM attacker impersonating a master, causing a denial of service.
Vulnerability
An authentication denial of service vulnerability exists in SaltStack Salt, affecting all versions before 3002.8, 3003.4, and 3004.1 [1]. The flaw occurs during minion authentication: a man-in-the-middle (MiTM) attacker can impersonate a master and send specially crafted replies that cause the minion process to terminate. The attack targets the unsecured authentication exchange between a minion and a master [4].
Exploitation
An attacker must be positioned on the network to intercept and modify traffic between a minion and a legitimate master (i.e., a MiTM position). No authentication or prior access to the Salt environment is required. The attacker impersonates the master during the key exchange and sends a malicious authentication reply; the minion, upon receiving the forged response, stops its process. The attack does not require user interaction or special privileges beyond network proximity.
Impact
Successful exploitation causes the targeted minion process to terminate, resulting in a denial of service for that minion's managed systems. The attacker gains no code execution, data access, or persistent control; the impact is limited to service disruption. The minion can be restarted manually or via a watchdog, but the attack can be repeated.
Mitigation
Fixed versions were released on 2022-03-29: 3002.8, 3003.4, and 3004.1 [1][4]. During upgrade, all masters must be updated before minions, as older masters cannot communicate with fixed minions [4]. No workaround is available; upgrading to a patched version is required. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
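A fleet check a defender can run before the master-first upgrade described above, added here as an example (it is not code from this page, the Salt project, or the cited advisories). It classifies upstream Salt version strings against the three fixed releases and reads the `minion: version` lines that `salt '*' test.version --out=txt` prints on a master. Two assumptions are built in and marked in the code: branches after 3004 are treated as carrying the fix, and any version with a distro build suffix (for example the SUSE packages in the table below, which carry the backported fix under an older upstream number) is flagged for comparison against the vendor advisory rather than judged by the upstream number alone.

```shell
#!/bin/sh
# Classify one Salt version string against the fixed releases for
# CVE-2022-22935 (3002.8, 3003.4, 3004.1).
# Exit status: 0 = fixed, 1 = affected,
#              2 = distro build or unparseable, check the vendor advisory instead.
salt_version_status() {
    v=$1
    case "$v" in
        # Distro packages (e.g. 3002.2-150300.53.16.1) backport the fix under
        # an old upstream number, so the upstream comparison does not apply.
        *-*) return 2 ;;
    esac
    major=${v%%.*}
    case "$v" in
        *.*) minor=${v#*.}; minor=${minor%%.*} ;;   # 3003.2 -> 2
        *)   minor=0 ;;                              # bare "3004" is the .0 release
    esac
    case "$major$minor" in
        ''|*[!0-9]*) return 2 ;;                     # not a numeric upstream version
    esac
    if [ "$major" -lt 3002 ]; then return 1; fi      # every release before 3002.8 is affected
    if [ "$major" -ge 3005 ]; then return 0; fi      # assumption: later branches ship the fix
    case "$major" in
        3002) need=8 ;;
        3003) need=4 ;;
        3004) need=1 ;;
    esac
    [ "$minor" -ge "$need" ]
}

# Read "minion_id: version" lines (the shape of `salt '*' test.version --out=txt`)
# and print one labelled line per minion.
report_versions() {
    while IFS= read -r line; do
        id=${line%%:*}
        ver=$(printf '%s' "${line#*:}" | tr -d '[:space:]')
        [ -n "$ver" ] || continue
        st=0
        salt_version_status "$ver" || st=$?
        case $st in
            0) echo "$id $ver FIXED" ;;
            1) echo "$id $ver AFFECTED" ;;
            *) echo "$id $ver CHECK-VENDOR-ADVISORY" ;;
        esac
    done
}

# Constructed sample output; not captured from a real master.
SAMPLE='web1: 3004
web2: 3004.1
db1: 3003.3
old1: 3001.6
suse1: 3002.2-150300.53.16.1
new1: 3005.1'

# Number of minions that still need the upstream upgrade.
count_affected() {
    printf '%s\n' "$SAMPLE" | report_versions | grep -c AFFECTED
}

# Live usage on a master would be: salt '*' test.version --out=txt | report_versions
printf '%s\n' "$SAMPLE" | report_versions
```

Run the report against the master first (`salt-master --version`) and only start upgrading minions once every master reports FIXED, since an unpatched master cannot talk to fixed minions.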
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| salt (PyPI) | < 3002.8 | 3002.8 |
| salt (PyPI) | >= 3003, < 3003.4 | 3003.4 |
| salt (PyPI) | >= 3004, < 3004.1 | 3004.1 |
Affected products
SaltStack/Salt (GHSA coordinates), 34 package entries. No CPE identifiers are recorded; each range is given per package URL and distribution.

| Package | Distribution | Affected range |
|---|---|---|
| pkg:pypi/salt | (upstream) | < 3002.8 |
| pkg:rpm/opensuse/salt | openSUSE Leap 15.3 | < 3002.2-150300.53.16.1 |
| pkg:rpm/suse/release-notes-susemanager | SUSE Manager Server 4.1 | < 4.1.14.1-150200.3.77.1 |
| pkg:rpm/suse/release-notes-susemanager | SUSE Manager Server 4.2 | < 4.2.5.1-150300.3.34.1 |
| pkg:rpm/suse/salt | SUSE Enterprise Storage 6 | < 3002.2-150100.63.1 |
| pkg:rpm/suse/salt | SUSE Enterprise Storage 7 | < 3002.2-150200.64.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | < 3002.2-150100.63.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | < 3002.2-150100.63.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | < 3002.2-150200.64.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | < 3002.2-150200.64.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise High Performance Computing 15-ESPOS | < 3002.2-150000.8.41.32.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise High Performance Computing 15-LTSS | < 3002.2-150000.8.41.32.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Micro 5.0 | < 3002.2-150200.64.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Micro 5.1 | < 3002.2-150300.53.16.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Micro 5.2 | < 3002.2-150300.53.16.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Module for Advanced Systems Management 12 | < 3000-58.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Module for Basesystem 15 SP3 | < 3002.2-150300.53.16.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Module for Server Applications 15 SP3 | < 3002.2-150300.53.16.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Module for Transactional Server 15 SP3 | < 3002.2-150300.53.16.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Real Time 15 SP2 | < 3002.2-150200.64.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Server 15 SP1-BCL | < 3002.2-150100.63.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Server 15 SP1-LTSS | < 3002.2-150100.63.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Server 15 SP2-BCL | < 3002.2-150200.64.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Server 15 SP2-LTSS | < 3002.2-150200.64.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Server 15-LTSS | < 3002.2-150000.8.41.32.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Server for SAP Applications 15 | < 3002.2-150000.8.41.32.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Server for SAP Applications 15 SP1 | < 3002.2-150100.63.1 |
| pkg:rpm/suse/salt | SUSE Linux Enterprise Server for SAP Applications 15 SP2 | < 3002.2-150200.64.1 |
| pkg:rpm/suse/salt | SUSE Manager Client Tools 12 | < 3000-58.1 |
| pkg:rpm/suse/salt | SUSE Manager Proxy 4.1 | < 3002.2-150200.64.1 |
| pkg:rpm/suse/salt | SUSE Manager Retail Branch Server 4.1 | < 3002.2-150200.64.1 |
| pkg:rpm/suse/salt | SUSE Manager Server 4.1 | < 3002.2-150200.64.1 |
| pkg:rpm/suse/venv-salt-minion | SUSE Manager Client Tools 12 | < 3004-3.8.1 |
| pkg:rpm/suse/venv-salt-minion | SUSE Manager Client Tools 15 | < 3004-150000.3.8.1 |
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-cvcc-5x92-gmhc (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-22935 (GHSA, advisory)
- security.gentoo.org/glsa/202310-22 (GHSA, vendor advisory, web)
- github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2022-172.yaml (GHSA, web)
- github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.8.rst (GHSA, web)
- github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3003.4.rst (GHSA, web)
- github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3004.1.rst (GHSA, web)
- saltproject.io/security_announcements/salt-security-advisory-release (GHSA, web)
- repo.saltproject.io (MITRE)
- saltproject.io/security_announcements/salt-security-advisory-release/%2C (MITRE)
News mentions
No linked articles in our index yet.