Overview
- Description
- An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Known exploits
Data from CISA
- Vulnerability name
- SaltStack Salt Path Traversal Vulnerability
- Exploit added on
- Nov 3, 2021
- Exploit action due
- May 3, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5861CF02-E8F5-494E-8F51-5AB233260828",
"versionEndExcluding": "2019.2.4"
},
{
"criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E84C993E-1C6B-4984-9552-4A76A1FE3EF2",
"versionEndExcluding": "3000.2",
"versionStartIncluding": "3000"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:workspaces_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5B41060-E2BF-4C6B-9058-1A4C29D4B922",
"versionEndIncluding": "7.1.3"
},
{
"criteria": "cpe:2.3:a:blackberry:workspaces_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E2E34D6-A5DA-497C-8019-4B41BFD0E726",
"versionEndIncluding": "8.2.6",
"versionStartIncluding": "8.0.0"
},
{
"criteria": "cpe:2.3:a:blackberry:workspaces_server:9.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F418742F-5FCB-49ED-AD0D-DFDFF6AFA01D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:application_remote_collector:7.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96DB76F8-036A-4401-B926-9B5156E032C1"
},
{
"criteria": "cpe:2.3:a:vmware:application_remote_collector:8.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C3F42E7-CB56-4287-B09F-C5528B97EB7C"
}
],
"operator": "OR"
}
]
}
]