CVE-2024-22232

Name
CVE-2024-22232
Description
A specially crafted URL can be created which leads to a directory traversal in the Salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.
NVD Severity
medium

References

Type URI
https://saltproject.io/security-announcements/2024-01-31-advisory/

Match rules

CPE URI Source package Min version Max version
salt-project >= 0 < 3005.5, 3006.6

Vulnerable and fixed packages

Source package  Branch          Version    Maintainer                            Status
salt            edge-community  3006.6-r0  Kevin Daudt <kdaudt@alpinelinux.org>  fixed
salt            3.22-community  3006.6-r0  None                                  fixed
salt            3.21-community  3006.6-r0  None                                  fixed
salt            3.20-community  3006.6-r0  None                                  fixed