PyPi: Salt

CVE-2023-34049

Safety vulnerability ID: 66718

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 27, 2023 Updated at Apr 30, 2024

Scan your Python projects for vulnerabilities →

Advisory

A vulnerability in Salt-SSH before 3005.4 and 3006.4 arises from the pre-flight option copying scripts to a target at a predictable path. This flaw enables an attacker with access to the target virtual machine (VM) and knowledge of the script's path to execute their own script under the privileges of the Salt-SSH user.

Affected package

salt

Latest version: 3007.0

Portable, distributed, remote execution and configuration management system

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34049

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application