GHSA-mfr3-9cj8-h2qm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mfr3-9cj8-h2qm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mfr3-9cj8-h2qm/GHSA-mfr3-9cj8-h2qm.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-mfr3-9cj8-h2qm
- Aliases
-
- CVE-2014-3563
- PYSEC-2014-18
- Published
- 2022-05-17T01:24:39Z
- Modified
- 2024-12-01T05:30:57.490766Z
- Summary
- SaltStack Salt Insecure Temporary File Creation
- Details
-
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
- Database specific
{ "cwe_ids": [ "CWE-59" ], "github_reviewed": true, "github_reviewed_at": "2024-04-22T22:19:59Z", "severity": "HIGH", "nvd_published_at": "2014-08-22T17:55:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-3563
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95392
- https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2014-18.yaml
- https://github.com/saltstack/salt
- http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
- http://seclists.org/oss-sec/2014/q3/428
Affected packages
PyPI / salt
Package
- Name
- salt
- View open source insights on deps.dev
- Purl
- pkg:pypi/salt
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2014.1.10
Affected versions
0.*
0.8.7
0.8.9
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.9.1
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.15.3
0.15.90
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0rc1
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
2014.*
2014.1.0rc1
2014.1.0rc2
2014.1.0rc3
2014.1.0
2014.1.1
2014.1.2
2014.1.3
2014.1.4
2014.1.5
2014.1.6
2014.1.7
2014.1.8
2014.1.9