Salt Project Minion Event Bus Authorization Bypass Vulnerability

Vulnerability

A vulnerability exists in Salt Project versions 3007.0 and later, allowing an attacker with access to a minion key to bypass authorization on the minion event bus. This could enable the attacker to craft messages that execute jobs on other minions.

Impact

Exploitation of this vulnerability could lead to unauthorized job execution on other minions, potentially allowing for further exploitation or manipulation of those systems.

Added: Jun 13, 2025, 7:39 AM

Updated: Jun 13, 2025, 7:39 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Salt Project Minion Event Bus Authorization Bypass Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating