PT-2025-25388 · Salt

Published: 2025-01-02 · Updated: 2025-08-19 · CVE-2024-38825

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Salt versions (affected versions not specified)

Description

The issue concerns the salt.auth.pki module, which does not properly authenticate callers. The module validates a public certificate in the password field against a CA certificate, but this does not constitute proper PKI authentication because the caller does not need access to the corresponding private key for the authentication attempt to be accepted.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

ALT-PU-2025-8072
ALT-PU-2025-8965
BDU:2025-10849
CVE-2024-38825
GHSA-4J59-VV55-Q6H3
OPENSUSE-SU-2025:15295-1
SUSE-SU-2025:02476-1
SUSE-SU-2025:02491-1
SUSE-SU-2025:02492-1
SUSE-SU-2025:02499-1
SUSE-SU-2025:02500-1
SUSE-SU-2025:02501-1
SUSE-SU-2025:02502-1
SUSE-SU-2025:02534-1
SUSE-SU-2025:20487-1
SUSE-SU-2025:20504-1
SUSE-SU-2025_02500-1
SUSE-SU-2025_02501-1
SUSE-SU-2025_02534-1

Affected Products

Alt Linux
Red Os
Salt
Suse