Salt minion agent is triggering a Tenable vulnerability
search cancel

Salt minion agent is triggering a Tenable vulnerability

book

Article ID: 379764

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Nessus scans show a vulnerability in the 3006.8 version of the Salt Minion. 

Environment

Aria Automation Config 8.x
Salt 3006.8

Cause

Certifi 2023.7.22 is packaged in the 3006.8 Salt minion, and is considered vulnerable as per CVE-2024-39689:

https://cloud.tenable.com/vm/#/vuln-intelligence/CVE-2024-39689 

Resolution

Upgrade to Salt 3006.9, which has upgraded the Ceritfi package to the fixed version : 2024.07.04