VYPR
High severity8.8NVD Advisory· Published Jun 23, 2022· Updated Jun 17, 2026

CVE-2022-22967

CVE-2022-22967

Description

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
saltPyPI
< 3002.93002.9
saltPyPI
>= 3003.0, < 3003.53003.5
saltPyPI
>= 3004.0, < 3004.23004.2

Affected products

38

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.