cbcvebase.
CVE-2018-15750
published 2018-10-24

CVE-2018-15750: Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files…

PriorityP434medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
EPSS
4.24%
89.8th percentile
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

Affected

10 ranges
VendorProductVersion rangeFixed in
saltstacksalt< 2017.7.82017.7.8
saltstacksalt>= 0 < 2017.7.82017.7.8
saltstacksalt>= 0 < 2015.8.8+ds-1ubuntu0.12015.8.8+ds-1ubuntu0.1
saltstacksalt>= 0 < 2017.7.4+dfsg1-1ubuntu18.04.22017.7.4+dfsg1-1ubuntu18.04.2
saltstacksalt>= 0 < 0.17.5+ds-1ubuntu0.1~esm10.17.5+ds-1ubuntu0.1~esm1
saltstacksalt>= 0 < 2015.8.8+ds-1ubuntu0.1+esm12015.8.8+ds-1ubuntu0.1+esm1
saltstacksalt>= 2016.11.0 < 2016.11.102016.11.10
saltstacksalt>= 2017.7.0 < 2017.7.82017.7.8
saltstacksalt>= 2018.3.0 < 2018.3.32018.3.3
saltstacksalt>= 2018.3.0 < 2018.3.32018.3.3

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.2HIGH
vendor_ubuntu7.2HIGH
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.