ALT Linux Team

Package salt update in p10 on 2024-03-25

ALT-PU-2024-4288-3

Package salt updated to version 3007.0-alt0.p10.1 for branch p10 in task 341197.

Closed vulnerabilities

Published: 2024-06-27
Modified: 2024-11-21

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.

References:
Published: 2024-06-27
Modified: 2024-11-21

CVE-2024-22232

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top