230 matches found
CVE-2025-22238 CVE-2025-22238 salt advisory
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
CVE-2025-22238
CVE-2025-22238 describes a directory traversal vulnerability in Salt’s master cache handling, where the master’s default cache could be written to or overwritten outside the intended cache directory via the minion file cache creation. Connected sources confirm the issue is real in Salt deployment...
Salt security vulnerability
Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. A security vulnerability exists in Salt that stems from a directory traversal that could result in arbitrary files being written to the main cache directory...
Salt security vulnerability
Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. A security vulnerability exists in Salt that stems from a directory traversal attack in minion file cache creation, which could result in writing or overwriting fil...
SUSE CVE-2024-22231
Syndic cache directory creation is vulnerable to a directory traversal attack in the Salt project, which can allow a malicious attacker to create an arbitrary directory on a Salt master...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to insecure initialization of the DEFAULTCACHEDIR in app.py, using of user input...
Improper Access Control
snowflake-connector-nodejs is vulnerable to Improper Access Control. The vulnerability is due to insufficient file permission checks, which allow an attacker with write access to the local cache directory to bypass temporary credential cache restrictions...
GHSA-XFHV-WQJ6-RX99 snowflake-sdk may incorrectly validate temporary credential cache file permissions
Issue Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux...
SUSE-SU-2024:4303-1 Security update for buildah
This update for buildah fixes the following issues: Security issues fixed: - CVE-2024-9675: cache arbitrary directory mount bsc1231499 - CVE-2024-9407: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction bsc1231208 - CVE-2024-9676: symlink traversal...
buildah: Buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...
Security update for buildah
This update for buildah fixes the following issues: CVE-2024-9675: Fixed arbitrary cache directory mount bsc1231499 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...
Path Traversal
github.com/containers/buildah is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of user-specified paths for cache mounts, which allows users to reference directories outside the designated cache directory...
CVE-2022-30636
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...
CVE-2022-30636 Limited directory traversal vulnerability on Windows in golang.org/x/crypto
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...
CVE-2024-22231
Removed by vendor...
SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests...
Information Disclosure
Salt masters are vulnerable to Information Disclosure. This vulnerability is due to the cache directory having the same base name across different environments. This could lead to sensitive data from one environment being exposed to another environment...
Oracle Linux 7 : kubernetes (ELSA-2019-4716)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4716 advisory. - OLCNE-494 CVE-2019-11244 fix CVE-2019-11244: 'kubectl --http-cache=' Tenable has extracted the preceding description block directly from the Oracle Linux...