Replay Attack Vulnerability in Salt's Request Server by Salt Project
CVE-2024-38823

2.7LOW

Key Information:

Vendor: Vmware
Status: Salt
Vendor: CVE Published:; 13 June 2025

What is CVE-2024-38823?

Salt's request server has a vulnerability that allows attackers to exploit replay attacks if not secured with a TLS-encrypted transport. This could potentially lead to unauthorized access or the interception of sensitive data. It is crucial for users to ensure proper encryption is in place to mitigate these risks.

Affected Version(s)

SALT 3006.x < 3006.12

SALT 3007.x < 3007.4

References

https://docs.saltproject.io/en/3006/topics/releases/3006....

https://docs.saltproject.io/en/3007/topics/releases/3007....

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2025
Vulnerability Reserved
Jun 19, 2024

Vmware

What is CVE-2024-38823?

Affected Version(s)

References

CVSS V3.1

Timeline