SaltStack Salt Insecure Temporary File Creation

GHSA-mfr3-9cj8-h2qm · CVE-2014-3563 · PYSEC-2014-18

Published May 17, 2022 · Modified Dec 1, 2024

Description

Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3563
WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/95392
WEB https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2014-18.yaml
PACKAGE https://github.com/saltstack/salt
WEB http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
WEB http://seclists.org/oss-sec/2014/q3/428

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes