1. Home
  2. CVE Database
  3. CVE-2024-38825
MEDIUM · 6.4

CVE-2024-38825

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentic...

Vulnerability Description

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2024-38825?

CVE-2024-38825 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentic...

How severe is CVE-2024-38825?

CVE-2024-38825 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-38825?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.