Veracode Vulnerability DatabaseVERACODE:43201Information Disclosure
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
Salt masters is vulnerable to Information Disclosure. This vulnerability is due to the cache directory having same base name across different environments. This could lead to sensitive data from one environment being exposed to another environment.
References
github.com/advisories/GHSA-qvh6-3j7x-3hq7
github.com/saltstack/salt/commit/6120bcac2ee79b6e8b104612941432841eb0c8c3
github.com/saltstack/salt/commit/dc108031e26287dcca17adf8e97c96bd73b8f48c
lists.fedoraproject.org/archives/list/[email protected]/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/
saltproject.io/security-announcements/2023-08-10-advisory/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%