Name of the Vulnerable Software and Affected Versions salt versions prior to 3006.0

Description The issue is related to several problems in the salt software, including collections Mapping issues, conflicts with dependencies, and failures due to the unavailability of the transactional update module. The update to Salt release version 3006.0 fixes these issues. There is no information about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations Update to Salt release version 3006.0 or later to fix the issues. As a temporary workaround, consider disabling the transactional update module until a patch is available. Restrict access to the salt-ssh executions to minimize the risk of exploitation. Avoid using the importlib-metadata version less than 5.0.0 in the affected API endpoint until the issue is resolved. At the moment, there is no other information about additional mitigation measures.