CVE-2014-3563Link Following in Salt

CWE-59Link Following8 documents6 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 65.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Saltstack Salt
Timeline
PublishedAug 22
Latest updateMay 17

Description

Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

PyPIsaltstack/salt< 2014.1.10
Ubuntusaltstack/salt< 0.17.5+ds-1ubuntu0.1~esm1+1
NVDsaltstack/salt2014.1.9

Patches

Patch: docs.saltstack.comPatch: seclists.orgPatch: docs.saltstack.com

🔴Vulnerability Details

5
GHSA
SaltStack Salt Insecure Temporary File Creation2022-05-17
OSV
SaltStack Salt Insecure Temporary File Creation2022-05-17
OSV
salt vulnerabilities2021-03-15
OSV
CVE-2014-3563: Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 20142014-08-22
CVEList
CVE-2014-3563: Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 20142014-08-22

📋Vendor Advisories

1
Ubuntu
Salt vulnerabilities2021-03-15

💬Community

1
Bugzilla
CVE-2014-3563 salt: insecure tmp file creation in seed.py, salt-ssh, and salt-cloud2014-08-29
CVE-2014-3563 — Link Following in Saltstack Salt | cvebase