Lucene search

K
osvGoogleOSV:CVE-2024-22232
HistoryJun 27, 2024 - 7:15 a.m.

CVE-2024-22232

2024-06-2707:15:00
Google
osv.dev
3
crafted url
directory traversal
salt file server
malicious user
arbitrary file
salt master
software

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

7.2

Confidence

High

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

7.2

Confidence

High