Description
The Nessus vulnerability scanner reported vulnerabilities related to Salt.
After upgrading the Salt component to the latest community release version 3007, one medium vulnerability remains unresolved upon rescanning.
The details of the vulnerability:
Plugin ID: 192967
CVE: CVE-2024-4741
CVSS: 5.4
Risk: Medium
Name: OpenSSL 3.2.0 < 3.2.2 Multiple Vulnerabilities
Solution: Upgrade to OpenSSL version 3.2.2 or later.
Plugin Output: Path : /opt/saltstack/salt/lib/libcrypto.so.3 Reported version : 3.2.1 Fixed version : 3.2.2
The vulnerability is introduced by the file /opt/saltstack/salt/lib/libcrypto.so.3; this file is owned by salt-common.
# dpkg -S /opt/saltstack/salt/lib/libcrypto.so.3
salt-common: /opt/saltstack/salt/lib/libcrypto.so.3
# dpkg -l |grep -i salt-common
ii salt-common 3007.1 amd64 shared libraries that salt requires for all packages
Setup
Could you take a look at how to fix this vulnerability issue?
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at saltproject@vmware.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!
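One way to confirm the scanner's reading on the host itself, as an added example that is not part of the original issue or of Salt's own tooling: it reads the version banner from the bundled libcrypto named in the plugin output and checks it against the 3.2.0 to 3.2.2 range from the plugin name. The function names and the banner-scraping heuristic are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Salt project code): triage the libcrypto finding locally.
# Path and version range come from the Nessus plugin output quoted in the issue.
LIB="${LIB:-/opt/saltstack/salt/lib/libcrypto.so.3}"
AFFECTED_FROM=3.2.0     # plugin name: "OpenSSL 3.2.0 < 3.2.2"
FIXED_IN=3.2.2

# Print x.y.z from the "OpenSSL x.y.z <date>" banner inside a libcrypto binary.
# Assumption: the banner is present; prints nothing if it is not.
lib_openssl_version() {
    [ -r "$1" ] || return 0
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" |
        sed -n 's/^.*OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p' |
        head -n 1
}

# Succeed if x.y.z version $1 is strictly lower than x.y.z version $2.
version_lt() (
    IFS=.
    set -- $1 $2        # split both versions into six positional parameters
    [ "$1" -lt "$4" ] && exit 0; [ "$1" -gt "$4" ] && exit 1
    [ "$2" -lt "$5" ] && exit 0; [ "$2" -gt "$5" ] && exit 1
    [ "$3" -lt "$6" ]
)

# Print "affected x.y.z", "not-affected x.y.z" or "unknown" for one file.
triage_lib() {
    v=$(lib_openssl_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif ! version_lt "$v" "$AFFECTED_FROM" && version_lt "$v" "$FIXED_IN"; then
        echo "affected $v"
    else
        echo "not-affected $v"
    fi
}

# Report the bundled library, its owning package, and the OS OpenSSL for contrast.
report() {
    echo "bundled: $1 -> $(triage_lib "$1")"
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -S "$1" 2>/dev/null || echo "owner:   no package owns $1"
    fi
    if command -v openssl >/dev/null 2>&1; then
        echo "system:  $(openssl version)"
    fi
}

report "$LIB"
```

Set `LIB=/path/to/libcrypto.so.3` to check a different copy. The "system" line shows the OS OpenSSL, which is separate from the copy shipped under /opt/saltstack/salt/lib.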