An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "salt-ssh": "0.17.5+ds-1ubuntu0.1~esm2", "salt-master": "0.17.5+ds-1ubuntu0.1~esm2", "salt-doc": "0.17.5+ds-1ubuntu0.1~esm2", "salt-common": "0.17.5+ds-1ubuntu0.1~esm2", "salt-minion": "0.17.5+ds-1ubuntu0.1~esm2", "salt-syndic": "0.17.5+ds-1ubuntu0.1~esm2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "salt-cloud": "2015.8.8+ds-1ubuntu0.1", "salt-common": "2015.8.8+ds-1ubuntu0.1", "salt-syndic": "2015.8.8+ds-1ubuntu0.1", "salt-ssh": "2015.8.8+ds-1ubuntu0.1", "salt-master": "2015.8.8+ds-1ubuntu0.1", "salt-doc": "2015.8.8+ds-1ubuntu0.1", "salt-api": "2015.8.8+ds-1ubuntu0.1", "salt-minion": "2015.8.8+ds-1ubuntu0.1", "salt-proxy": "2015.8.8+ds-1ubuntu0.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "salt-cloud": "2017.7.4+dfsg1-1ubuntu18.04.2", "salt-common": "2017.7.4+dfsg1-1ubuntu18.04.2", "salt-syndic": "2017.7.4+dfsg1-1ubuntu18.04.2", "salt-ssh": "2017.7.4+dfsg1-1ubuntu18.04.2", "salt-master": "2017.7.4+dfsg1-1ubuntu18.04.2", "salt-doc": "2017.7.4+dfsg1-1ubuntu18.04.2", "salt-api": "2017.7.4+dfsg1-1ubuntu18.04.2", "salt-minion": "2017.7.4+dfsg1-1ubuntu18.04.2", "salt-proxy": "2017.7.4+dfsg1-1ubuntu18.04.2" } ] }