Lucene search

GitHub Advisory DatabaseGHSA-Q27C-J6J9-53W3

HistoryJun 27, 2024 - 9:30 a.m.

Directory creation by malicious user in saltstack

2024-06-2709:30:39

CWE-22

GitHub Advisory Database

github.com

saltstack

directory creation

malicious user

security vulnerability

software

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.

Affected configurations

Vulners

Node

saltstacksaltRange<3006.6

saltstacksaltRange<3005.5

CPENameOperatorVersion
saltlt3006.6
saltlt3005.5

CPE	Name	Operator	Version
	salt	lt	3006.6
	salt	lt	3005.5

References

github.com/advisories/GHSA-q27c-j6j9-53w3

github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab

nvd.nist.gov/vuln/detail/CVE-2024-22231

saltproject.io/security-announcements/2024-01-31-advisory

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for GHSA-Q27C-J6J9-53W3