PT-2025-25387 · Salt+3 · Salt+3

Published

2025-01-02

·

Updated

2025-08-19

·

CVE-2024-38823

CVSS v2.0

3.3

Low

VectorAV:N/AC:L/Au:M/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Salt (affected versions not specified)
Description The issue concerns Salt's request server being vulnerable to replay attacks when not using a TLS encrypted transport.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-345CWE-294

Related Identifiers

ALT-PU-2025-8072
ALT-PU-2025-8965
BDU:2025-10866
CVE-2024-38823
OPENSUSE-SU-2025:15295-1
SUSE-SU-2025:02476-1
SUSE-SU-2025:02491-1
SUSE-SU-2025:02492-1
SUSE-SU-2025:02499-1
SUSE-SU-2025:02500-1
SUSE-SU-2025:02501-1
SUSE-SU-2025:02502-1
SUSE-SU-2025:02534-1
SUSE-SU-2025:20487-1
SUSE-SU-2025:20504-1
SUSE-SU-2025_02500-1
SUSE-SU-2025_02501-1
SUSE-SU-2025_02534-1

Affected Products

Alt Linux
Red Os
Salt
Suse