{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T00:47:43.982","vulnerabilities":[{"cve":{"id":"CVE-2024-38825","sourceIdentifier":"security@vmware.com","published":"2025-06-13T07:15:20.717","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The salt.auth.pki module does not properly authenticate callers. The \"password\" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted."},{"lang":"es","value":"El módulo salt.auth.pki no autentica correctamente a los usuarios que llaman. El campo \"contraseña\" contiene un certificado público que el módulo valida con un certificado de CA. Esto no es autenticación PKI, ya que el usuario que llama no necesita acceder a la clave privada correspondiente para que se acepte el intento de autenticación."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html","source":"security@vmware.com"},{"url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html","source":"security@vmware.com"}]}}]}