CVE-2018-15750

CWE-22Path Traversal13 documents7 sources
Severity
5.3MEDIUM
EPSS
0.9%
top 24.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Saltstack Salt
Timeline
PublishedOct 24
Latest updateMay 13

Description

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDsaltstack/salt2018.3.02018.3.3+1
PyPIsalt2018.3.02018.3.3+3
Ubuntusalt< 2015.8.8+ds-1ubuntu0.1+1

🔴Vulnerability Details

5
GHSA
SaltStack Salt Directory Traversal vulnerability in salt-api2022-05-13
OSV
SaltStack Salt Directory Traversal vulnerability in salt-api2022-05-13
OSV
salt vulnerabilities2020-08-13
OSV
CVE-2018-15750: Directory Traversal vulnerability in salt-api in SaltStack Salt before 20172018-10-24
CVEList
CVE-2018-15750: Directory Traversal vulnerability in salt-api in SaltStack Salt before 20172018-10-24

📋Vendor Advisories

3
Ubuntu
Salt vulnerabilities2021-03-15
Ubuntu
Salt vulnerabilities2020-08-13
Red Hat
salt: Directory traversal in salt-api allows remote attackers to identitfy arbitrary files2018-10-25

💬Community

4
Bugzilla
CVE-2018-15750 salt: Directory traversal in salt-api allows remote attackers to identitfy arbitrary files2018-10-31
Bugzilla
CVE-2018-15750 salt: Directory traversal in salt-api allows remote attackers to identitfy arbitrary files [fedora-all]2018-10-31
Bugzilla
CVE-2018-15750 heketi: salt: Directory traversal in salt-api allows remote attackers to identitfy arbitrary files [fedora-all]2018-10-31
Bugzilla
CVE-2018-15750 salt: Directory traversal in salt-api allows remote attackers to identitfy arbitrary files [epel-all]2018-10-31
CVE-2018-15750 (MEDIUM CVSS 5.3) | Directory Traversal vulnerability i | cvebase.io