PT-2023-24655 · Salt-Ssh+3
Published: 2023-01-01 · Updated: 2025-01-22
CVE-2023-34049
CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Salt-SSH (affected versions not specified)
Description
The issue concerns a predictable script path in the Salt-SSH pre-flight option, allowing an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs, they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. This could lead to privilege escalation.
Recommendations
To resolve the issue, do not make the copy path on the target predictable, and check the return code of the scp command so that a failed copy is detected. As a temporary workaround, consider restricting access to the Salt-SSH pre-flight option until a more secure configuration can be implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
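The two recommendations above, sketched as an added example (not Salt's code and not its fix): a constructed in-memory `Target` stands in for the remote host and for scp, and the fixed path, user names and function names are assumptions made for illustration.

```python
import secrets


class Target:
    """Constructed stand-in for the remote host: path -> (owner, content)."""

    def __init__(self):
        self.files = {}

    def copy(self, user, path, content):
        """Mimic scp: 0 on success, 1 if another user already owns the path."""
        owner = self.files.get(path, (user, None))[0]
        if owner != user:
            return 1
        self.files[path] = (user, content)
        return 0

    def run(self, path):
        """Mimic executing the script: return the content found at the path."""
        return self.files[path][1]


def preflight_predictable(target, script):
    """The behaviour the advisory describes: fixed path, copy result ignored."""
    path = "/tmp/preflight.sh"  # hypothetical fixed path, not Salt's real one
    target.copy("salt", path, script)  # return code dropped
    return target.run(path)  # runs whatever already sits at the path


def preflight_hardened(target, script):
    """Both recommendations: unguessable path and a checked copy result."""
    # 128 random bits per run, so the path cannot be known before it is used
    path = f"/tmp/preflight-{secrets.token_hex(16)}.sh"
    rc = target.copy("salt", path, script)
    if rc != 0:
        # a failed copy means the file at `path` is not ours: do not run it
        raise RuntimeError(f"pre-flight copy failed (rc={rc}), not running {path}")
    return target.run(path)


def demo():
    """Constructed scenario: another local user already owns the fixed path."""
    target = Target()
    target.files["/tmp/preflight.sh"] = ("other", "planted")
    return (preflight_predictable(target, "legit"),
            preflight_hardened(target, "legit"))
```

`demo()` returns the content each variant ended up running. On a real host the file should also be created with owner-only permissions.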
Affected Products
Alt Linux
Red Os
Salt-Ssh
Suse