VDB
CVE-2023-40590
PUBLISHED
A vulnerability exists in SaltStack Salt. The flaw lies in the gitpython component and is caused by an untrusted search path. A remote, anonymous attacker can exploit this vulnerability to execute arbitrary code. Successful exploitation requires user interaction.
EPSS 0.37% · 59.2th percentile
Risk Scores
EPSS Score
0.37%
59.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedora | Fedora Linux | |
| Red Hat | Red Hat Enterprise Linux | |
| Red Hat | Red Hat Ansible Automation Platform 2.4 | |
| Debian | Debian Linux | |
| Red Hat | Red Hat OpenStack | < 17.1 |
Exploit Intelligence
- https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 (nist-nvd)
- https://docs.python.org/3/library/subprocess.html#popen-constructor (circl)
- .safety-policy.yml (github-poc)
…and 1 more exploits
Timeline
- Aug 28, 2023 CVE Published
- Aug 29, 2023 EPSS Score
- Oct 1, 2023 EPSS Score
- Nov 3, 2023 EPSS Score
- Dec 6, 2023 EPSS Score
- Jan 8, 2024 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 14, 2024 EPSS Score
- Apr 16, 2024 EPSS Score
- May 18, 2024 EPSS Score
- Jun 20, 2024 EPSS Score
- Jul 23, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2428.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2428 advisory
- https://access.redhat.com/errata/RHSA-2024:0190 advisory
- https://access.redhat.com/errata/RHSA-2024:0215 advisory
- https://docs.saltproject.io/en/3005/topics/releases/3005.3.html advisory
- https://github.com/advisories/GHSA-wfm5-v35h-vwf4 advisory
- https://github.com/advisories/GHSA-cwvm-v4w8-q58c advisory
- https://lists.debian.org/debian-lts-announce/2023/09/msg00036.html advisory
- https://access.redhat.com/errata/RHSA-2024:0322 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-7b78427a7d advisory
- https://access.redhat.com/errata/RHSA-2024:1640 advisory