SaltStack Salt Method Directory Traversal (CVE-2021-25282)

A directory traversal vulnerability exists in the WheelClient for Salt API, a component of SaltStack Salt. The vulnerability is due to improper validation of user-supplied in the pillarroots.write method...

PT-2021-7513 · Saltstack +3 · Saltstack Salt +3

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: An issue was discovered in SaltStack Salt, where the salt.wheel.pillar roots.write method is vulnerable to directory traversal. This vulnerability is related to incorrect restriction of the...