Package salt updated to version 3005.5-alt0.c9.1 for branch c9f2 in task 350817.

Published: 2024-06-27
Modified: 2024-11-21

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.

References:

https://saltproject.io/security-announcements/2024-01-31-advisory/
https://saltproject.io/security-announcements/2024-01-31-advisory/

Published: 2024-06-27
Modified: 2024-11-21

CVE-2024-22232

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.

References:

https://saltproject.io/security-announcements/2024-01-31-advisory/
https://saltproject.io/security-announcements/2024-01-31-advisory/

Version: 2.1.0

Package salt update in c9f2 on 2024-06-20

ALT-PU-2024-8995-3

Closed vulnerabilities

CVE-2024-22231

CVE-2024-22232