ALT-PU-2024-4288-4

BDU:2024-04876

MEDIUM5.0

Уязвимость системы управления конфигурациями и удалённого выполнения операций Salt, связанная с возможностью обхода каталога, позволяющая нарушителю выполнить произвольный код

Published: 2024-06-28

CVSS 3.xMEDIUM 5.0

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

References

CVE-2024-22231

BDU:2024-04877

HIGH7.7

Уязвимость системы управления конфигурациями и удалённого выполнения операций Salt, связанная с созданием специальных URL-адресов, позволяющая нарушителю получить доступ к конфиденциальной информации

Published: 2024-06-28

CVSS 3.xHIGH 7.7

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:N/A:N

References

CVE-2024-22232

CVE-2024-22231

MEDIUM5.0

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.

Published: 2024-06-27Modified: 2026-04-15

CVSS 3.xMEDIUM 5.0

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

References

CVE-2024-22232

HIGH7.7

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.

Published: 2024-06-27Modified: 2026-04-15

CVSS 3.xHIGH 7.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

GHSA-2qw3-2wv6-p64x

HIGH7.7

Path traversal in saltstack

Published: 2024-06-27Modified: 2024-06-27

CVSS 3.xHIGH 7.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

GHSA-q27c-j6j9-53w3

MEDIUM5.0

Directory creation by malicious user in saltstack

Published: 2024-06-27Modified: 2024-06-27

CVSS 3.xMEDIUM 5.0

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

References

Package update salt in branch p10

Closed issues (6)

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.

Path traversal in saltstack

Directory creation by malicious user in saltstack