GHSA-c46w-gr7f-jm2p

Source
https://github.com/advisories/GHSA-c46w-gr7f-jm2p
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c46w-gr7f-jm2p
Aliases
  • CVE-2025-22239
Published
2025-06-13T09:30:33Z
Modified
2025-06-13T22:12:21.069355Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Summary
Salt vulnerable to arbitrary event injection
Details

Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by an authorized minion to send arbitrary events onto the master's event bus.

Database specific
{
    "nvd_published_at": "2025-06-13T07:15:21Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-13T21:21:04Z",
    "cwe_ids": [
        "CWE-285"
    ]
}
References

Affected packages

PyPI / salt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3006.0rc1
Fixed
3006.12

Affected versions

3006.*
3006.0rc1
3006.0rc2
3006.0rc3
3006.0
3006.1
3006.2
3006.3
3006.4
3006.5
3006.6
3006.7
3006.8
3006.9
3006.10
3006.11

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json"

PyPI / salt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3007.0rc1
Fixed
3007.4

Affected versions

3007.*
3007.0rc1
3007.0
3007.1
3007.2
3007.3

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-c46w-gr7f-jm2p/GHSA-c46w-gr7f-jm2p.json"