CVE-2023-20898

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-20898
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-20898.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-20898
Aliases
Downstream
Related
Published
2023-09-05T11:15:33.300Z
Modified
2026-02-11T14:41:22.939251Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c71ff9204ab5ae90b21b68cf3447be472a8db8f2
Introduced
86bb64dde27281d545ef46e1a42471a90c494197
Fixed
8f750fa7ae115c48c16ca03ef3f16e4ba76f921c

Affected versions

v3005.*
v3005.1-2
v3005.1-3
v3005.1-4
v3006.*
v3006.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-20898.json"