Lucene search
Veracode Vulnerability DatabaseVERACODE:46708HistoryMay 02, 2024 - 6:36 a.m.
Symlink Attack
2024-05-0206:36:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
symlink attack
salt
vulnerable
temporary files
local attacker
elevated privileges
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.5
Confidence
High
EPSS
0
Percentile
5.1%
Salt is vulnerable to Symlink attacks. The vulnerability is due to insecure creation of temporary files in seed.py ,salt-ssh, or salt-cloud, which allows a local attacker to exploit this by creating symbolic links to overwrite arbitrary files with elevated privileges.
Related
debiancve
debiancve
CVE-2014-3563
2014-08-22 17:55:02
cvelist
cvelist
CVE-2014-3563
2014-08-22 17:00:00
cve
cve
CVE-2014-3563
2014-08-22 17:55:02
prion
prion
Code injection
2014-08-22 17:55:00
nvd
nvd
CVE-2014-3563
2014-08-22 17:55:02
osv
osv
SaltStack Salt Insecure Temporary File Creation
2022-05-17 01:24:39
PYSEC-2014-18
2014-08-22 17:55:00
salt vulnerabilities
2021-03-15 20:11:16
github
github
SaltStack Salt Insecure Temporary File Creation
2022-05-17 01:24:39
ubuntucve
ubuntucve
CVE-2014-3563
2014-08-22 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : Salt vulnerabilities (USN-4769-1)
2023-10-20 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4769-1)
2023-01-27 00:00:00
ubuntu
ubuntu
Salt vulnerabilities
2021-03-15 00:00:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.5
Confidence
High
EPSS
0
Percentile
5.1%
Related for VERACODE:46708