Lucene search

PRIOn knowledge basePRION:CVE-2018-15750

HistoryOct 24, 2018 - 10:29 p.m.

Directory traversal

2018-10-2422:29:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

CPENameOperatorVersion
saltlt2017.7.8
saltge2018.3.0
saltlt2018.3.3

Name	Operator	Version
salt	lt	2017.7.8
salt	ge	2018.3.0
salt	lt	2018.3.3

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html

docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html

docs.saltstack.com/en/latest/topics/releases/2018.3.3.html

groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ

groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ

lists.debian.org/debian-lts-announce/2020/07/msg00024.html

usn.ubuntu.com/4459-1/