5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%
salt is vulnerable to Path Traversal. The vulnerability is caused by roots.py
because there is no explicit path validation before performing file operations, as well as master.py
creating directories and files based on unvalidated user input. An attacker can exploit these flaws to traverse and manipulate the file system outside of the intended boundaries.
5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%