CVE-2022-22936: 
Python vulnerability analysis and mitigation

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. The vulnerability, identified as CVE-2022-22936, involves job publishes and file server replies being susceptible to replay attacks. This security flaw was discovered and reported in early 2022, affecting the SaltStack infrastructure management tool (NVD).

The vulnerability allows attackers to replay job publishes, causing minions to run old jobs, and file server replies can also be replayed. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 Base Score of 8.8 (Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The weakness is classified as CWE-294 (Authentication Bypass by Capture-replay) (NVD).

Under certain scenarios, a sufficiently crafted attacker could gain root access on minion systems. The vulnerability affects the communication between Salt servers and clients, potentially compromising the security of the entire infrastructure management system (Cloudflare Blog).

The vulnerability has been patched in Salt versions 3002.8, 3003.4, and 3004.1. The fix includes adding the name of the addressed client, a nonce, and a signature to messages to prevent replay attacks. Users are strongly advised to upgrade to these or later versions (Cloudflare Blog).

Cloudflare conducted an extensive investigation of Salt's cryptographic protocol while working on making it quantum-secure, which led to the discovery of this vulnerability along with others (CVE-2022-22934, CVE-2022-22935). The findings prompted discussions about moving towards an mTLS-based transport system for improved security (Cloudflare Blog).