VDB
CVE-2024-22232
CVE-2024-22232
PUBLISHED
Es besteht eine Schwachstelle in SaltStack Salt. Dieser Fehler besteht im Dateisystem aufgrund einer unsachgemäßen Validierung von Dateipfaden während der Url-Übersetzung, was es erlaubt, beliebige Dateien aus dem Dateisystem eines Salt-Masters zu lesen. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
EPSS 0.44% · 63.4th percentile
Risk Scores
EPSS Score
0.44%
63.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux | |
| Gentoo | Gentoo Linux | |
| SaltStack | SaltStack Salt <3006.6 | |
| SaltStack | SaltStack Salt <3005.5 |
Timeline
- Jan 31, 2024 CVE Published
- Jun 27, 2024 EPSS Score
- Jul 19, 2024 EPSS Score
- Aug 11, 2024 EPSS Score
- Sep 2, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 17, 2024 EPSS Score
- Nov 6, 2024 Coalition ESS Score
- Nov 8, 2024 EPSS Score
- Dec 2, 2024 EPSS Score
- Dec 8, 2024 CVE Updated
- Dec 24, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0265.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0265 advisory
- https://saltproject.io/security-announcements/2024-01-31-advisory/ advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/017926.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/017928.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/017929.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/017930.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/017924.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/017927.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-May/018455.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-May/018456.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-May/018459.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-May/018457.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-May/018458.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-May/018462.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-May/018461.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-May/018460.html advisory
- https://security.gentoo.org/glsa/202412-09 advisory