40 matches found
Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...
SUSE-SU-2025:02491-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...
Security update 5.0.5 for Multi-Linux Manager Client Tools
This update fixes the following issues: salt: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability in...
Directory Traversal
Salt is vulnerable to Directory Traversal. The vulnerability is due to improper input validation due to the recvfile method allowing arbitrary files to be written to the master cache directory through crafted path input...
SUSE CVE-2024-38824
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
CVE-2025-22238
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory. Mitigation Mitigation for this issue is either not available or the...
Salt vulnerable to directory traversal attack in file receiving method
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
GHSA-8PCP-R83J-FC92 Salt vulnerable to directory traversal attack in file receiving method
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
CVE-2024-38824
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
CVE-2024-38824
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
CVE-2024-38824
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
CVE-2024-38824
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
UBUNTU-CVE-2024-38824
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
Directory Traversal
Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...
CVE-2025-22238
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
UBUNTU-CVE-2025-22238
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
CVE-2024-38824
CVE-2024-38824 is a directory traversal vulnerability in the recv_file method that allows writing arbitrary files into the Salt master cache directory. Public references in multiple advisories (SUSE openSUSE/SUSE-SU-2025-02501/-02492/-02476, SUSE-2025-02492, -02500, -02502) confirm the flaw affec...
CVE-2024-38824 CVE-2024-38824 salt advisory
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
SUSE CVE-2013-1652
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors...
Puppet: HTTP GET request catalog retrieval
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors...