VMware Aria Operations 8.x < 8.18 HF 5 Privilege Escalation (VMSA-2025-0006)

The version of VMware Aria Operations formerly vRealize Operations running on the remote host is 8.x prior to 8.18 HF 5. It is, therefore, affected by a privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the applianc...

CVE-2025-22231

creationtimestamp| type| source ---|---|--- 2025-04-01 14:00:26+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114263066271453967 2025-04-01 14:00:26+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114263066271453967 2025-04-01 16:32:33+00:00| seen|...

CVE-2025-22231 VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations...

CVE-2025-22231

VMware Aria Operations (8.x, on any host) is affected by a local privilege escalation that allows a user with local admin rights to escalate to root on the appliance. The issue is addressed by patching to 8.18 HF 5 (per VMSA-2025-0006). Connected security advisories indicate a CVSSv3 base score o...

CVE-2025-22231 VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations...

VMSA-2025-0006: VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)

Advisory ID: | VMSA-2025-0006 ---|--- Advisory Severity: | Important CVSSv3 Range: | 7.8 Synopsis: | VMware Aria Operations updates address a local privilege escalation vulnerability CVE-2025-22231 Issue date: | 2025-04-01 Updated on: | 2025-04-01 Initial Advisory CVEs | CVE-2025-22231 1. Impacte...

elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2024-22231 via salt (>=2014.1.10 <=3001.8.0)

salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2024-22231 Source advisory: OSV:GHSA-Q27C-J6J9-53W3...

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

CVE-2024-22231 Syndic cache directory creation is vulnerable to a directory traversal attack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

CVE-2024-22231 Syndic cache directory creation is vulnerable to a directory traversal attack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

CVE-2024-22231

CVE-2024-22231 affects Salt: Syndic cache directory creation is vulnerable to directory traversal during cache dir creation on the Salt master, enabling an attacker to create arbitrary directories. Reported across multiple advisories (Gentoo GLSA 202412-09; SUSE-SU-2024:1518-1; Debian/Ubuntu/NVD ...

GitLab 8.0 < 13.11.6 / 13.12 < 13.12.6 / 14.0 < 14.0.2 (CVE-2021-22231)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. CVE-2021-22231 No...

SUSE SLES15 Security Update : SUSE Manager Salt Bundle (SUSE-SU-2024:1518-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1518-1 advisory. - The vulnerability is due to an input validation error when processing directory traversal sequences during the creation of the Syndic cache...

SUSE-SU-2024:1518-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 - Bugs fixed...

SUSE-SU-2024:1517-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 - Bugs fixed...

openSUSE: Security Advisory for salt (SUSE-SU-2024:0509-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2024:0510-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : salt (SUSE-SU-2024:0507-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0507-1 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...