ALT Linux Team

Package salt update in p10 on 2024-03-25

ALT-PU-2024-4288-4

Package salt updated to version 3007.0-alt0.p10.1 for branch p10 in task 341197.

Closed vulnerabilities

Published: 2024-06-28

BDU:2024-04876

Уязвимость системы управления конфигурациями и удалённого выполнения операций Salt, связанная с возможностью обхода каталога, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
References:
Published: 2024-06-28

BDU:2024-04877

Уязвимость системы управления конфигурациями и удалённого выполнения операций Salt, связанная с созданием специальных URL-адресов, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: HIGH (7.7)Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
References:
Published: 2024-06-27
Modified: 2026-04-15

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.

Severity: MEDIUM (5.0)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
References:
Published: 2024-06-27
Modified: 2026-04-15

CVE-2024-22232

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.

Severity: HIGH (7.7)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2024-06-27
Modified: 2024-06-27

GHSA-2qw3-2wv6-p64x

Path traversal in saltstack

Severity: HIGH (7.7)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2024-06-27
Modified: 2024-06-27

GHSA-q27c-j6j9-53w3

Directory creation by malicious user in saltstack

Severity: MEDIUM (5.0)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top