Security Advisory

CVE-2022-22967

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-22 00:00:00
Last updated 2025-05-05 16:28:14
Assigner vmware
State PUBLISHED

Description

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
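The affected range spans three release branches, so a single "minimum version" comparison misclassifies hosts (3003.4 sorts above 3002.9 but is still unpatched). The following triage check is an added example, not part of the advisory or of Salt. The host names and inventory are constructed, and it assumes that branches older than 3002 are affected and branches newer than 3004 carry the fix.

```python
import re

# Fixed release per branch, from the advisory: 3002.9, 3003.5, 3004.2.
FIXED_MINOR = {3002: 9, 3003: 5, 3004: 2}


def parse_version(text):
    """Return (branch, minor) from strings such as '3004.1' or 'salt 3003.4'."""
    match = re.search(r"(\d+)(?:\.(\d+))?", text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return int(match.group(1)), int(match.group(2) or 0)


def is_affected(version):
    """True if this Salt version predates the fix for CVE-2022-22967."""
    branch, minor = parse_version(version)
    if branch in FIXED_MINOR:
        # Compare inside the branch: 3003.4 is affected although 3003.4 > 3002.9.
        return minor < FIXED_MINOR[branch]
    # Assumption: branches older than 3002 are affected, newer than 3004 are fixed.
    return branch < min(FIXED_MINOR)


def affected_hosts(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (host -> reported Salt version), not real data.
SAMPLE_INVENTORY = {
    "web01": "3004.1",
    "db01": "3003.5",
    "cache01": "3002.8",
    "build01": "3005.1",
    "legacy01": "2019.2.8",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} needs upgrade")
```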