Lucene search

GitHub Advisory DatabaseGHSA-76X4-X3P6-RPR9

HistoryMay 24, 2022 - 5:43 p.m.

SaltStack Salt Directory Traversal vulnerability

2022-05-2417:43:22

CWE-22

GitHub Advisory Database

github.com

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

9.2 High

AI Score

Confidence

High

0.853 High

EPSS

Percentile

98.6%

JSON

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

Affected configurations

Vulners

Node

saltstacksaltRange<3002.3

saltstacksaltRange<3001.5

saltstacksaltRange<3000.7

saltstacksaltRange<2019.2.8

saltstacksaltRange≤2018.3.5

saltstacksaltRange<2017.7.8

saltstacksaltRange<2016.11.10

saltstacksaltRange<2016.11.5

saltstacksaltRange<2015.8.13

CPENameOperatorVersion
saltlt3002.3
saltlt3001.5
saltlt3000.7
saltlt2019.2.8
saltle2018.3.5
saltlt2017.7.8
saltlt2016.11.10
saltlt2016.11.5
saltlt2015.8.13

Name	Operator	Version
salt	lt	3002.3
salt	lt	3001.5
salt	lt	3000.7
salt	lt	2019.2.8
salt	le	2018.3.5
salt	lt	2017.7.8
salt	lt	2016.11.10
salt	lt	2016.11.5
salt	lt	2015.8.13

References

packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html

github.com/advisories/GHSA-76x4-x3p6-rpr9

github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L31

github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L31

github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L31

github.com/saltstack/salt/releases

lists.debian.org/debian-lts-announce/2021/11/msg00009.html

lists.debian.org/debian-lts-announce/2022/01/msg00000.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5

lists.fedoraproject.org/archives/list/[email protected]/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB

lists.fedoraproject.org/archives/list/[email protected]/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH

lists.fedoraproject.org/archives/list/[email protected]/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5

nvd.nist.gov/vuln/detail/CVE-2021-25282

saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25

security.gentoo.org/glsa/202103-01

security.gentoo.org/glsa/202310-22

www.debian.org/security/2021/dsa-5011

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

9.2 High

AI Score

Confidence

High

0.853 High

EPSS

Percentile

98.6%

JSON

Related for GHSA-76X4-X3P6-RPR9