Salt Request Server Replay Attack Vulnerability

Vulnerability

A vulnerability exists in Salt's request server, allowing replay attacks when TLS encryption is not used. This issue affects Salt versions 3006.12 and 3007.0 through 3007.4.

Impact

Exploitation of this vulnerability allows for replay attacks, where an attacker can intercept and resend requests, potentially leading to unauthorized actions or commands being executed.

Added: Jun 13, 2025, 7:42 AM

Updated: Jun 13, 2025, 7:42 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Salt Request Server Replay Attack Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating