GHSA-q27c-j6j9-53w3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q27c-j6j9-53w3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-q27c-j6j9-53w3/GHSA-q27c-j6j9-53w3.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-q27c-j6j9-53w3
- Aliases
- Published
- 2024-06-27T09:30:39Z
- Modified
- 2024-06-27T18:30:25.094889Z
- Severity
-
- 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N CVSS Calculator
- Summary
- Directory creation by malicious user in saltstack
- Details
-
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.
- Database specific
{ "nvd_published_at": "2024-06-27T07:15:52Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-06-27T17:47:29Z" }- References
Affected packages
PyPI / salt
Package
- Name
- salt
- View open source insights on deps.dev
- Purl
- pkg:pypi/salt
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3005.5
Affected versions
0.*
0.8.7
0.8.9
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.9.1
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.15.3
0.15.90
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0rc1
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
2014.*
2014.1.0rc1
2014.1.0rc2
2014.1.0rc3
2014.1.0
2014.1.1
2014.1.2
2014.1.3
2014.1.4
2014.1.5
2014.1.6
2014.1.7
2014.1.8
2014.1.9
2014.1.10
2014.1.11
2014.1.12
2014.1.13
2014.7.0rc1
2014.7.0rc2
2014.7.0rc3
2014.7.0rc4
2014.7.0rc5
2014.7.0rc6
2014.7.0rc7
2014.7.0
2014.7.1
2014.7.2
2014.7.3
2014.7.4
2014.7.5
2014.7.6
2014.7.7
2015.*
2015.2.0rc1
2015.2.0rc2
2015.5.0
2015.5.1
2015.5.2
2015.5.3
2015.5.4
2015.5.5
2015.5.6
2015.5.7
2015.5.8
2015.5.9
2015.5.10
2015.5.11
2015.8.0rc1
2015.8.0rc2
2015.8.0rc3
2015.8.0rc4
2015.8.0rc5
2015.8.0
2015.8.1
2015.8.2
2015.8.3
2015.8.4
2015.8.5
2015.8.7
2015.8.8
2015.8.8.2
2015.8.9
2015.8.10
2015.8.11
2015.8.12
2015.8.13
2016.*
2016.3.0rc2
2016.3.0rc3
2016.3.0
2016.3.1
2016.3.2
2016.3.3
2016.3.4
2016.3.5
2016.3.6
2016.3.7
2016.3.8
2016.11.0rc1
2016.11.0rc2
2016.11.0
2016.11.1
2016.11.2
2016.11.3
2016.11.4
2016.11.5
2016.11.6
2016.11.7
2016.11.8
2016.11.9
2016.11.10
2017.*
2017.7.0rc1
2017.7.0
2017.7.1
2017.7.2
2017.7.3
2017.7.4
2017.7.5
2017.7.6
2017.7.7
2017.7.8
2018.*
2018.3.0rc1
2018.3.0
2018.3.1
2018.3.2
2018.3.3
2018.3.4
2018.3.5
2019.*
2019.2.0rc1
2019.2.0rc2
2019.2.0
2019.2.1
2019.2.2
2019.2.3
2019.2.4
2019.2.5
2019.2.6
2019.2.7
2019.2.8
3000.*
3000.0.0rc1
3000.0.0rc2
3000.1
3000.2
3000.3
3000.4
3000.5
3000.6
3000.7
3000.8
3000.9
Other
3000
3001rc1
3001
3002rc1
3002
3003rc1
3003
3004rc1
3004
3005rc1
3005rc2
3005
3001.*
3001.1
3001.2
3001.3
3001.4
3001.5
3001.6
3001.7
3001.8
3002.*
3002.1
3002.2
3002.3
3002.4
3002.5
3002.6
3002.7
3002.8
3002.9
3003.*
3003.1
3003.2
3003.3
3003.4
3003.5
3004.*
3004.1
3004.2
3005.*
3005.1
3005.2
3005.3
3005.4
PyPI / salt
Package
- Name
- salt
- View open source insights on deps.dev
- Purl
- pkg:pypi/salt