Package salt updated to version 3005.5-alt0.c9.1 for branch c9f2 in task 350817.

Published: 2024-06-27
Modified: 2024-11-21

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.

Severity: MEDIUM (5.0) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

References:

https://saltproject.io/security-announcements/2024-01-31-advisory/
https://saltproject.io/security-announcements/2024-01-31-advisory/

Published: 2024-06-27
Modified: 2024-11-21

CVE-2024-22232

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.

Severity: HIGH (7.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References:

https://saltproject.io/security-announcements/2024-01-31-advisory/
https://saltproject.io/security-announcements/2024-01-31-advisory/

Version: 2.1.2

Package salt update in c9f2 on 2024-06-20

ALT-PU-2024-8995-3

Closed vulnerabilities

CVE-2024-22231

CVE-2024-22232