PYSEC-2018-29
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2018-29.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2018-29
- Aliases
- Published
- 2018-10-24T22:29:00Z
- Modified
- 2024-04-22T22:41:42.414202Z
- Summary
- [none]
- Details
-
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
- References
-
- https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ
- https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ
- https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
- https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html
- https://usn.ubuntu.com/4459-1/
Affected packages
PyPI / salt
Package
- Name
- salt
- View open source insights on deps.dev
- Purl
- pkg:pypi/salt
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2017.7.8Introduced2018.3.0Fixed2018.3.3
Affected versions
0.*
0.8.7
0.8.9
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.9.1
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.15.3
0.15.90
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0rc1
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
2014.*
2014.1.0rc1
2014.1.0rc2
2014.1.0rc3
2014.1.0
2014.1.1
2014.1.2
2014.1.3
2014.1.4
2014.1.5
2014.1.6
2014.1.7
2014.1.8
2014.1.9
2014.1.10
2014.1.11
2014.1.12
2014.1.13
2014.7.0rc1
2014.7.0rc2
2014.7.0rc3
2014.7.0rc4
2014.7.0rc5
2014.7.0rc6
2014.7.0rc7
2014.7.0
2014.7.1
2014.7.2
2014.7.3
2014.7.4
2014.7.5
2014.7.6
2014.7.7
2015.*
2015.2.0rc1
2015.2.0rc2
2015.5.0
2015.5.1
2015.5.2
2015.5.3
2015.5.4
2015.5.5
2015.5.6
2015.5.7
2015.5.8
2015.5.9
2015.5.10
2015.5.11
2015.8.0rc1
2015.8.0rc2
2015.8.0rc3
2015.8.0rc4
2015.8.0rc5
2015.8.0
2015.8.1
2015.8.2
2015.8.3
2015.8.4
2015.8.5
2015.8.7
2015.8.8
2015.8.8.2
2015.8.9
2015.8.10
2015.8.11
2015.8.12
2015.8.13
2016.*
2016.3.0rc2
2016.3.0rc3
2016.3.0
2016.3.1
2016.3.2
2016.3.3
2016.3.4
2016.3.5
2016.3.6
2016.3.7
2016.3.8
2016.11.0rc1
2016.11.0rc2
2016.11.0
2016.11.1
2016.11.2
2016.11.3
2016.11.4
2016.11.5
2016.11.6
2016.11.7
2016.11.8
2016.11.9
2016.11.10
2017.*
2017.7.0rc1
2017.7.0
2017.7.1
2017.7.2
2017.7.3
2017.7.4
2017.7.5
2017.7.6
2017.7.7
2018.*
2018.3.0
2018.3.1
2018.3.2