CVE-2023-41040 — Vulnetix

CVE-2023-41040 PUBLISHED

Es besteht eine Schwachstelle in SaltStack Salt. Dieser Fehler besteht in der Komponente gitpython aufgrund einer blinden lokalen Dateieinbindung. Ein lokaler Angreifer kann diese Sicherheitslücke ausnutzen, um vertrauliche Informationen offenzulegen.

EPSS 0.36% · 58.4th percentile

Risk Scores

EPSS Score

0.36%

58.4th percentile

Affected Products

Vendor	Product	Versions
Debian	Debian Linux
Red Hat	Red Hat Enterprise Linux
Red Hat	Red Hat OpenStack < 17.1
Red Hat	Red Hat Ansible Automation Platform 2.4
Fedora	Fedora Linux

Timeline

Aug 30, 2023 CVE Published
Aug 31, 2023 EPSS Score
Aug 31, 2023 PoC Published
Sep 22, 2023 Fix PR Merged
Oct 3, 2023 EPSS Score
Nov 5, 2023 EPSS Score
Jan 9, 2024 EPSS Score
Feb 11, 2024 EPSS Score
Mar 15, 2024 EPSS Score
Apr 17, 2024 EPSS Score
May 19, 2024 EPSS Score
Jul 24, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2428.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2428 advisory
https://access.redhat.com/errata/RHSA-2024:0190 advisory
https://access.redhat.com/errata/RHSA-2024:0215 advisory
https://docs.saltproject.io/en/3005/topics/releases/3005.3.html advisory
https://github.com/advisories/GHSA-wfm5-v35h-vwf4 advisory
https://github.com/advisories/GHSA-cwvm-v4w8-q58c advisory
https://lists.debian.org/debian-lts-announce/2023/09/msg00036.html advisory
https://access.redhat.com/errata/RHSA-2024:0322 advisory
https://bodhi.fedoraproject.org/updates/FEDORA-2023-7b78427a7d advisory
https://access.redhat.com/errata/RHSA-2024:1640 advisory

Open in Interactive Console →