Safety vulnerability ID: 65902
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Salt version 3005.5 implements a fix to block directory traversal attempts when establishing the syndic cache directory on the master, addressing the security issue outlined in CVE-2024-22231.
https://github.com/saltstack/salt/commit/67bdf8b2ec4bc396a7226d57565b8a05eaec1e88
Latest version: 3007.0
Portable, distributed, remote execution and configuration management system
========================
Security
--------
- Fix CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master.
- Fix CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method.
These vulnerablities were discovered and reported by:
Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) (565)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application