CVE-2018-15750
Published: 2018-10-24
Priority: P4 34 · medium · CVSS 3.0: 5.3
CVSS 3.0 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 4.24% (89.8th percentile)
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
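The bug class behind this advisory, as an added illustrative example that is not Salt's own code: the advisory, and the Bugzilla entry further down, say only that salt-api's handling of /run and /events let a remote caller learn whether a server-side file exists. Salt is Python, so the model is Python: a token-directory lookup that joins a caller-supplied name onto a base directory and answers differently depending on whether the resulting path exists, beside a hardened version that rejects anything other than a bare file name, verifies containment after canonicalization, and returns one uniform answer for every rejected or missing name. The function names, the response strings and the directory layout built inside `demo()` are assumptions for the demonstration, not Salt's real token handling.

```python
import os
import shutil
import tempfile


def lookup_token_vulnerable(token_dir: str, token: str) -> str:
    """Model of the vulnerable pattern (not Salt's code): the caller-supplied
    token name is joined onto the token directory without validation, so a
    name such as '../etc/shadow' resolves outside token_dir, and the two
    distinguishable responses turn the endpoint into a file-existence oracle."""
    path = os.path.join(token_dir, token)
    if not os.path.isfile(path):
        return "no such token"
    return "token file present"


def is_within(base: str, path: str) -> bool:
    """True only if path, after '..' and symlink resolution, lies under base."""
    base = os.path.realpath(base)
    path = os.path.realpath(path)
    return os.path.commonpath([base, path]) == base


def lookup_token_fixed(token_dir: str, token: str) -> str:
    """Hardened lookup: reject anything that is not a bare file name, verify
    containment after canonicalization, and answer identically for rejected
    and missing tokens so nothing outside token_dir can be probed."""
    if not token or token in (".", "..") or any(c in token for c in "/\\\0"):
        return "invalid token"
    path = os.path.join(token_dir, token)
    if not is_within(token_dir, path) or not os.path.isfile(path):
        return "invalid token"
    return "token file present"


def demo() -> dict:
    """Build a constructed, throwaway directory tree and probe both lookups
    with traversal payloads; returns the responses so they can be checked."""
    root = tempfile.mkdtemp(prefix="cve-2018-15750-")
    try:
        token_dir = os.path.join(root, "tokens")
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(token_dir)
        # Constructed sample files: one real token, one "secret" outside token_dir.
        open(os.path.join(token_dir, "good"), "w").close()
        open(os.path.join(root, "etc", "shadow"), "w").close()
        existing, missing = "../etc/shadow", "../etc/missing"
        return {
            "vuln_existing": lookup_token_vulnerable(token_dir, existing),
            "vuln_missing": lookup_token_vulnerable(token_dir, missing),
            "fixed_existing": lookup_token_fixed(token_dir, existing),
            "fixed_missing": lookup_token_fixed(token_dir, missing),
            "fixed_good": lookup_token_fixed(token_dir, "good"),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, response in demo().items():
        print(f"{name:15s} -> {response}")
```

The vulnerable lookup answers differently for `../etc/shadow` (present) and `../etc/missing` (absent), which is exactly the signal the advisory describes: no file contents leak, only existence, hence the C:L-only impact in the CVSS vector. The hardened lookup returns `invalid token` for both and still serves the legitimate `good` token. The real remediation is the upstream fix in 2016.11.10, 2017.7.8 and 2018.3.3 (or the vendor backports listed in the affected table); the containment check is the pattern to look for when reviewing any other code that builds a filesystem path from request data.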
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | < 2017.7.8 | 2017.7.8 |
| saltstack | salt | >= 0 < 2017.7.8 | 2017.7.8 |
| saltstack | salt | >= 0 < 2015.8.8+ds-1ubuntu0.1 | 2015.8.8+ds-1ubuntu0.1 |
| saltstack | salt | >= 0 < 2017.7.4+dfsg1-1ubuntu18.04.2 | 2017.7.4+dfsg1-1ubuntu18.04.2 |
| saltstack | salt | >= 0 < 0.17.5+ds-1ubuntu0.1~esm1 | 0.17.5+ds-1ubuntu0.1~esm1 |
| saltstack | salt | >= 0 < 2015.8.8+ds-1ubuntu0.1+esm1 | 2015.8.8+ds-1ubuntu0.1+esm1 |
| saltstack | salt | >= 2016.11.0 < 2016.11.10 | 2016.11.10 |
| saltstack | salt | >= 2017.7.0 < 2017.7.8 | 2017.7.8 |
| saltstack | salt | >= 2018.3.0 < 2018.3.3 | 2018.3.3 |
| saltstack | salt | >= 2018.3.0 < 2018.3.3 | 2018.3.3 |
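A branch-aware version check against the ranges in the table above, as an added example that is not SaltStack tooling. The point it makes is that the affected set is not a single "older than 2018.3.3" interval: 2017.7.8 is numerically older than 2018.3.0 yet fixed, while 2018.3.2 is newer yet affected, so each maintained branch has its own first fixed release. Distribution builds such as Ubuntu's `2017.7.4+dfsg1-1ubuntu18.04.2` carry backported fixes under upstream-looking numbers and are flagged for vendor-advisory lookup rather than judged by upstream numbering. The function names and the sample inventory are assumptions constructed for the example.

```python
import re

# First fixed release per affected upstream branch, from the ranges above.
FIXED_IN = {
    (2016, 11): (2016, 11, 10),
    (2017, 7): (2017, 7, 8),
    (2018, 3): (2018, 3, 3),
}

# Debian/Ubuntu-style package versions ("+dfsg", "-1ubuntu", "~esm") mean a
# distro build whose fix status comes from the vendor advisory, not upstream.
DISTRO_MARKER = re.compile(r"[+~-]")


def parse_version(version: str) -> tuple:
    """Parse an upstream Salt version (YYYY.M.N, optional rc/dev suffix) into ints."""
    m = re.match(r"^(\d{4})\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognized upstream Salt version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: str) -> bool:
    """True if an upstream Salt version falls inside the CVE-2018-15750 ranges."""
    year, month, patch = parse_version(version)
    branch = (year, month)
    if branch in FIXED_IN:
        return (year, month, patch) < FIXED_IN[branch]
    # Branches before 2018.3 that are not in FIXED_IN never received a fix and
    # sit inside the "< 2017.7.8" range; anything released after 2018.3 shipped fixed.
    return branch < (2018, 3)


def triage(versions) -> dict:
    """Map each version string to a verdict; distro builds are routed to the
    vendor advisory instead of being compared against upstream numbers."""
    out = {}
    for v in versions:
        if DISTRO_MARKER.search(v):
            out[v] = "distro build: consult vendor advisory"
            continue
        try:
            out[v] = "affected" if is_vulnerable(v) else "fixed"
        except ValueError:
            out[v] = "unparsed"
    return out


if __name__ == "__main__":
    # Constructed sample inventory (assumed, not from any real host).
    sample = ["2016.11.9", "2017.7.7", "2017.7.8", "2018.3.2", "2018.3.3",
              "2019.2.0", "2017.7.4+dfsg1-1ubuntu18.04.2"]
    for v, verdict in triage(sample).items():
        print(f"{v:35s} {verdict}")
```

Feed `triage()` the output of `salt --version` or `salt-api --version` gathered from each master; for packaged installs compare the package version against the "Fixed in" column for that distribution instead.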
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 7.2 | HIGH | |
| vendor_ubuntu | | 7.2 | HIGH | |
| vendor_redhat | | 5.3 | MEDIUM | |
The 7.2 HIGH entries from osv and vendor_ubuntu are inherited from a multi-CVE Ubuntu advisory (the 2021-03-15 "salt vulnerabilities" entries below, whose lead items are the arbitrary-file-write CVE-2014-3563 and the credential-exposure CVE-2015-6918), not from an assessment of this issue on its own. Every per-CVE score for CVE-2018-15750 on this page, including Ubuntu's own 2020-08-13 entry, is 5.3 MEDIUM: the vector is unauthenticated and network-reachable (AV:N, PR:N) but the impact is confidentiality-only and limited (C:L), because the attacker learns whether a path exists, not its contents.
GHSA
SaltStack Salt Directory Traversal vulnerability in salt-api
ghsa · 2022-05-13 · CVE-2018-15750 · MEDIUM · CWE-22
Directory Traversal vulnerability in salt-api in SaltStack Salt 2016.11.x before 2016.11.10, 2017.7.x before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
OSV
SaltStack Salt Directory Traversal vulnerability in salt-api
osv · 2022-05-13 · CVE-2018-15750 · MEDIUM
Directory Traversal vulnerability in salt-api in SaltStack Salt 2016.11.x before 2016.11.10, 2017.7.x before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
OSV
salt vulnerabilities
osv · 2021-03-15 · CVSS 7.2 · CVE-2014-3563 · HIGH
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a special crafted file. An attacker could use this
vulnerability to cause a DoS or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)
Andreas Stieger discovered that Salt exposed git usernames and passwords
in log files. An attacker could use this issue to retrieve sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).
It was discovered that Salt exposed password authentication
credentials in log files. An attacker could use this issue to retrieve
sensitive information. This issue only affected Ubuntu 14.04 ESM.
(CVE-2015-6941)
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a
OSV
salt vulnerabilities
osv · 2020-08-13 · CVSS 5.3 · CVE-2018-15750 · MEDIUM
It was discovered that Salt allows remote attackers to determine which files
exist on the server. An attacker could use that to extract sensitive
information. (CVE-2018-15750)
It was discovered that Salt has a vulnerability that allows a user to bypass
authentication. An attacker could use that to extract sensitive information,
execute arbitrary code or crash the server. (CVE-2018-15751)
It was discovered that Salt is vulnerable to command injection. This allows
an unauthenticated attacker with network access to the API endpoint to
execute arbitrary code on the salt-api host. (CVE-2019-17361)
It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possibly use this issue to access
some methods without authenticat
OSV
CVE-2018-15750: Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8
osv · 2018-10-24 · CVE-2018-15750
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
Ubuntu
Salt vulnerabilities
vendor_ubuntu · 2021-03-15 · CVSS 7.2 · CVE-2015-6918 · HIGH
Summary: Several security issues were fixed in Salt.
It was discovered that Salt allowed remote attackers to write to
arbitrary files via a special crafted file. An attacker could use this
vulnerability to cause a DoS or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)
Andreas Stieger discovered that Salt exposed git usernames and passwords
in log files. An attacker could use this issue to retrieve sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).
It was discovered that Salt exposed password authentication
credentials in log files. An attacker could use this issue to retrieve
sensitive information. This issue only affected Ubuntu 14.04 ESM.
(CVE-2015-6941)
It was discovered that Sal
Ubuntu
Salt vulnerabilities
vendor_ubuntu · 2020-08-13 · CVSS 5.3 · CVE-2018-15750 · MEDIUM
Summary: Several security issues were fixed in Salt.
It was discovered that Salt allows remote attackers to determine which files
exist on the server. An attacker could use that to extract sensitive
information. (CVE-2018-15750)
It was discovered that Salt has a vulnerability that allows a user to bypass
authentication. An attacker could use that to extract sensitive information,
execute arbitrary code or crash the server. (CVE-2018-15751)
It was discovered that Salt is vulnerable to command injection. This allows
an unauthenticated attacker with network access to the API endpoint to
execute arbitrary code on the salt-api host. (CVE-2019-17361)
It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possi
Red Hat
salt: Directory traversal in salt-api allows remote attackers to identify arbitrary files
vendor_redhat · 2018-10-25 · CVSS 5.3 · CVE-2018-15750 · MEDIUM · CWE-22
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
Package: salt (Red Hat Ceph Storage 2) - Not affected
Package: heketi (Red Hat OpenShift Container Platform 3.10) - Not affected
Package: atomic-openshift (Red Hat OpenShift Container Platform 3.11) - Not affected
Package: cluster-autoscaler (Red Hat OpenShift Container Platform 3.11) - Not affected
Package: heketi (Red Hat Storage 3) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-15750 salt: Directory traversal in salt-api allows remote attackers to identify arbitrary files
bugzilla · 2018-10-31 · CVSS 5.3 · MEDIUM
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server when querying /run or /events.
Upstream Changelog:
https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
Discussion:
Created heketi tracking bugs for this issue:
Affects: fedora-all [bug 1644485]
Created salt tracking bugs for this issue:
Affects: epel-all [bug 1644487]
Affects: fedora-all [bug 1644486]
---
Until release 1.9 of Kubernetes there were configuration files for installing Kubernetes via Saltstack included in
Bugzilla
CVE-2018-15750 salt: Directory traversal in salt-api allows remote attackers to identify arbitrary files [fedora-all]
bugzilla · 2018-10-31 · CVSS 5.3 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this
Bugzilla
CVE-2018-15750 heketi: salt: Directory traversal in salt-api allows remote attackers to identify arbitrary files [fedora-all]
bugzilla · 2018-10-31 · CVSS 5.3 · MEDIUM
Bugzilla
CVE-2018-15750 salt: Directory traversal in salt-api allows remote attackers to identify arbitrary files [epel-all]
bugzilla · 2018-10-31 · CVSS 5.3 · MEDIUM
arXiv
Tracking Patches for Open Source Software Vulnerabilities
arxiv_fulltext · 2023-09-30
Congying Xu (School of Computer Science, Fudan University, Shanghai, China; also with Shanghai Key Laboratory of Data Science and Shanghai Collaborative Innovation Center of Intelligent Visual Computing), Bihuan Chen (corresponding author; School of Computer Science, Fudan University, Shanghai, China), Chenhao Lu, Kaifeng Huang and Xin Peng (School of Computer Science, Fudan University, Shanghai, China), Yang Liu (School of Computer Science and Engineering, Nanyang Technological University, Singapore)
## Abstract
Open source software (OSS) vulnerabilities threaten the security of software syste
References:
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ
https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ
https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html
https://usn.ubuntu.com/4459-1/