How the CVE Works
The vulnerability resides in SaltStack’s Master `pub_ret` method, which processes job IDs (`jid`) from minions without proper sanitization. An attacker can manipulate the `jid` parameter to force the master to read from a non-responsive filesystem location (e.g., `/proc/` pipes). This causes the worker process to hang indefinitely, leading to a denial of service (DoS) condition. The flaw affects versions 3006.0rc1 to 3006.12 and 3007.0rc1 to 3007.4.
DailyCVE Form
Platform: SaltStack
Version: 3006.0rc1-3006.12, 3007.0rc1-3007.4
Vulnerability: DoS via file read
Severity: Moderate
Date: Jun 13, 2025
Prediction: Patch by Jun 27, 2025
What Undercode Say
```bash
# Check SaltStack version
salt --versions-report

# Monitor worker processes
ps aux | grep salt-master

# Test exploit (PoC)
curl -X POST -d '{"jid":"/proc/self/fd/0"}' http://salt-master:8000/pub_ret
```
How the Exploit Works
1. Attacker crafts malicious `jid` payload.
2. Master attempts to read from `/proc` pipe.
3. Worker process hangs indefinitely.
4. Repeated attacks exhaust resources.
Protection from this CVE
- Upgrade to 3006.12 or 3007.4.
- Restrict minion access.
- Monitor filesystem I/O.
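
The input handling the master lacks, as an added Python example that is not Salt's code or its actual patch: reject any `jid` that is not well-formed, confine the resolved path to the job cache, and refuse non-regular files without blocking. The function name, the `<cache_dir>/<jid>/return.p` layout and the 20-digit `jid` format are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Assumption: jids use Salt's default 20-digit timestamp format.
JID_RE = re.compile(r"[0-9]{20}")

def safe_read_job_file(cache_dir, jid, name="return.p", max_bytes=1 << 20):
    """Read <cache_dir>/<jid>/<name> only if jid is well-formed and the target
    is a regular file inside cache_dir (hypothetical layout, not Salt's own)."""
    if not isinstance(jid, str) or not JID_RE.fullmatch(jid):
        raise ValueError("malformed jid")
    root = os.path.realpath(cache_dir)
    path = os.path.realpath(os.path.join(root, jid, name))
    if os.path.commonpath([root, path]) != root:
        raise ValueError("path escapes job cache")
    # O_NONBLOCK: opening a FIFO with no writer returns at once instead of hanging.
    flags = os.O_RDONLY | os.O_NONBLOCK | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise ValueError("not a regular file")
        return os.read(fd, max_bytes)
    finally:
        os.close(fd)

def demo():
    """Constructed inputs: a good job, a FIFO planted as a job file, bad jids."""
    results = {}
    with tempfile.TemporaryDirectory() as cache:
        good, fifo = "20250613120000000001", "20250613120000000002"
        for j in (good, fifo):
            os.mkdir(os.path.join(cache, j))
        with open(os.path.join(cache, good, "return.p"), "wb") as f:
            f.write(b"constructed-return")
        os.mkfifo(os.path.join(cache, fifo, "return.p"))
        for jid in (good, fifo, "/proc/self/fd/0", "../" + good):
            try:
                results[jid] = safe_read_job_file(cache, jid)
            except ValueError as exc:
                results[jid] = str(exc)
    return results

if __name__ == "__main__":
    for jid, outcome in demo().items():
        print(jid, "->", outcome)
```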
Impact
- Service disruption.
- Resource exhaustion.
- No remote code execution.
Sources:
Reported By: github.com