Lucene search
K

40 matches found

SUSE Linux
SUSE Linux
added 2025/07/23 12:43 p.m.5 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

9.6CVSS7.6AI score0.00982EPSS
Exploits0References52
OSV
OSV
added 2025/07/23 12:43 p.m.4 views

SUSE-SU-2025:02491-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...

9.6CVSS7AI score0.00982EPSS
Exploits0References26
SUSE Linux
SUSE Linux
added 2025/07/23 12:41 p.m.8 views

Security update 5.0.5 for Multi-Linux Manager Client Tools

This update fixes the following issues: salt: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability in...

9.6CVSS7.5AI score0.00982EPSS
Exploits0References74
Veracode
Veracode
added 2025/06/18 10:9 a.m.4 views

Directory Traversal

Salt is vulnerable to Directory Traversal. The vulnerability is due to improper input validation due to the recvfile method allowing arbitrary files to be written to the master cache directory through crafted path input...

9.6CVSS7.1AI score0.00982EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2025/06/14 3:4 a.m.4 views

SUSE CVE-2024-38824

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS7.1AI score0.00982EPSS
Exploits0References23
RedhatCVE
RedhatCVE
added 2025/06/13 6:19 p.m.7 views

CVE-2025-22238

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory. Mitigation Mitigation for this issue is either not available or the...

4.2CVSS4.2AI score0.00266EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/06/13 9:30 a.m.12 views

Salt vulnerable to directory traversal attack in file receiving method

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS7.2AI score0.00982EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/06/13 9:30 a.m.6 views

GHSA-8PCP-R83J-FC92 Salt vulnerable to directory traversal attack in file receiving method

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS7.2AI score0.00982EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/06/13 8:15 a.m.5 views

CVE-2024-38824

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS5.9AI score0.00982EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2025/06/13 8:15 a.m.8 views

CVE-2024-38824

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS7.3AI score0.00982EPSS
Exploits0References2
NVD
NVD
added 2025/06/13 8:15 a.m.14 views

CVE-2024-38824

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS0.00982EPSS
Exploits0References2
OSV
OSV
added 2025/06/13 8:15 a.m.5 views

CVE-2024-38824

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

7.5CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2025/06/13 8:15 a.m.4 views

UBUNTU-CVE-2024-38824

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS5.9AI score0.00982EPSS
Exploits0References4
Snyk
Snyk
added 2025/06/13 7:43 a.m.2 views

Directory Traversal

Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

9.6CVSS7.8AI score0.00982EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.8 views

CVE-2025-22238

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory...

4.2CVSS7.2AI score0.00266EPSS
Exploits0References2
OSV
OSV
added 2025/06/13 7:15 a.m.3 views

UBUNTU-CVE-2025-22238

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory...

4.2CVSS5.8AI score0.00266EPSS
Exploits0References4
CVE
CVE
added 2025/06/13 7:10 a.m.159 views

CVE-2024-38824

CVE-2024-38824 is a directory traversal vulnerability in the recv_file method that allows writing arbitrary files into the Salt master cache directory. Public references in multiple advisories (SUSE openSUSE/SUSE-SU-2025-02501/-02492/-02476, SUSE-2025-02492, -02500, -02502) confirm the flaw affec...

9.6CVSS9.3AI score0.00982EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/06/13 7:10 a.m.41 views

CVE-2024-38824 CVE-2024-38824 salt advisory

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS0.00982EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.3 views

SUSE CVE-2013-1652

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors...

4.9CVSS6.8AI score0.01859EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/04/04 8:16 p.m.4 views

Puppet: HTTP GET request catalog retrieval

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors...

4.9CVSS6AI score0.01859EPSS
Exploits0References4
Rows per page
Query Builder