PT-2024-4385 · Salt+3

Chenwei Jiang +1 · Published 2024-01-31 · Updated 2025-01-22 · CVE-2024-22232

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Salt (affected versions not specified)

Description

A specially crafted URL can cause directory traversal on the Salt file server. This can allow a malicious user to read arbitrary files from a Salt master's filesystem.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2024-2460
ALT-PU-2024-4288
ALT-PU-2024-7869
ALT-PU-2024-8995
ALT-PU-2025-1673
BDU:2024-04877
CVE-2024-22232
GHSA-2QW3-2WV6-P64X
OPENSUSE-SU-2024_0509-1
OPENSUSE-SU-2024_0510-1
OPENSUSE-SU-2024_0513-1
SUSE-SU-2024:0506-1
SUSE-SU-2024:0507-1
SUSE-SU-2024:0508-1
SUSE-SU-2024:0509-1
SUSE-SU-2024:0510-1
SUSE-SU-2024:0513-1
SUSE-SU-2024:1517-1
SUSE-SU-2024:1518-1
SUSE-SU-2024:1525-1

Affected Products

Alt Linux
Red Os
Salt
Suse