CVE-2024-22231

Name
CVE-2024-22231
Description
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://saltproject.io/security-announcements/2024-01-31-advisory/

Match rules

CPE URI Source package Min version Max version
salt-project >= 0 < 3005.5, 3006.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
salt 3.19-community 3006.6-r0 Kevin Daudt <kdaudt@alpinelinux.org> fixed