CVE-2023-34049 – salt

Package

Manager: pip
Name: salt
Vulnerable Version: >=0 <3005.4 || >=3006.0rc1 <3006.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00053 pctl0.16132

Details

Salt preflight script could be attacker controlled The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.

Metadata

Created: 2024-11-14T06:30:45Z
Modified: 2024-11-14T18:06:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-4277-m35q-7c9w/GHSA-4277-m35q-7c9w.json
CWE IDs: ["CWE-340"]
Alternative ID: GHSA-4277-m35q-7c9w
Finding: F034
Auto approve: 1