Jonathan Schlue

#36699 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2021-6507
7.5
2020-08-25
Saltstack · Saltstack Salt · CVE-2021-21996
**Name of the Vulnerable Software and Affected Versions**

SaltStack Salt versions prior to 3003.3

**Description**

The issue is related to information disclosure in the error data area of the Salt configuration management and remote execution system. Exploitation of this issue allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. A user who has control of the `source` and `source_hash` URLs can gain full file system access as root on a Salt minion.

**Recommendations**

For SaltStack Salt versions prior to 3003.3, update to version 3003.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `source` and `source_hash` URLs to minimize the risk of exploitation.