2372629 – (CVE-2025-22242) CVE-2025-22242 salt: Denial of service in saltstack

Bug 2372629 (CVE-2025-22242) - CVE-2025-22242 salt: Denial of service in saltstack

Summary: CVE-2025-22242 salt: Denial of service in saltstack

Keywords:
Status:	NEW
Alias:	CVE-2025-22242
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2372736 2372739 2372741 2372745
Blocks:
TreeView+	depends on / blocked

Reported:	2025-06-13 08:01 UTC by OSIDB Bzimport
Modified:	2025-06-13 17:32 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-06-13 08:01:02 UTC

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.

Note You need to log in before you can comment on or make changes to this bug.