Base Score

LOW2.7

CVE-2024-38823

Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.

VectorNETWORK

Published Bysecurity@vmware.com

Published DateJun 13, 2025, 07:15

Weakness Type (CWE):CWE-294

CVSS Metrics

Base Score

2.7

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE

References

https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
https://docs.saltproject.io/en/3007/topics/releases/3007.4.html

Base Score

LOW2.7

Weakness Type (CWE):CWE-294

CVSS Metrics

Base Score

2.7

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE