saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0

[Vulnerability] OpenSSL 3.2.0 < 3.2.4 Vulnerability #67013

Open SaherH opened 3 weeks ago

SaherH commented 3 weeks ago

Description

Vulnerable libcrypto in /opt/saltstack is being reported by the Nessus scanner

| Plugin ID | CVE | CVSS | Risk | Name | Solution | Plugin Output |
| --- | --- | --- | --- | --- | --- | --- |
| 209153 | CVE-2024-9143 | 8.8 | High | OpenSSL 3.2.0 < 3.2.4 Vulnerability | Upgrade to OpenSSL version 3.2.4 or later. | Path : /opt/saltstack/salt/lib/libcrypto.so.3<br>Reported version : 3.2.2<br>Fixed version : 3.2.4 |

https://www.tenable.com/plugins/nessus/209153

https://www.cve.org/CVERecord?id=CVE-2024-9143

Setup

Versions Report

salt --versions-report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)

```yaml
Salt Version:
  Salt: 3006.9

Python Version:
  Python: 3.10.14 (main, Jun 26 2024, 11:44:37) [GCC 11.2.0]

Dependency Versions:
  cffi: 1.14.6
  cherrypy: 18.6.1
  cryptography: 42.0.5
  dateutil: 2.8.1
  docker-py: Not Installed
  gitdb: Not Installed
  gitpython: Not Installed
  Jinja2: 3.1.4
  libgit2: Not Installed
  looseversion: 1.0.2
  M2Crypto: Not Installed
  Mako: Not Installed
  msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
  packaging: 22.0
  pycparser: 2.21
  pycrypto: Not Installed
  pycryptodome: 3.19.1
  pygit2: Not Installed
  python-gnupg: 0.4.8
  PyYAML: 6.0.1
  PyZMQ: 23.2.0
  relenv: 0.17.0
  smmap: Not Installed
  timelib: 0.2.4
  Tornado: 4.5.3
  ZMQ: 4.3.4

System Versions:
  dist: rocky 8.10 Green Obsidian
  locale: utf-8
  machine: x86_64
  release: 4.18.0-553.16.1.el8_10.x86_64
  system: Linux
  version: Rocky Linux 8.10 Green Obsidian
```