CVE-2023-34049
published 2024-11-14CVE-2023-34049: The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an…
PriorityP430medium6.7CVSS 3.1
AVLACHPRLUIRSUCHIHAH
EPSS
0.19%
8.5th percentile
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| salt | salt | >= 3004 < 3006.4 | 3006.4 |
| salt | salt | >= 3005 < 3005.4 | 3005.4 |
| saltstack | salt | >= 0 < 3005.4 | 3005.4 |
| saltstack | salt | >= 3006.0rc1 < 3006.4 | 3006.4 |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
osv6.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Salt preflight script could be attacker controlled
ghsa·2024-11-14
CVE-2023-34049 [MEDIUM] CWE-340 Salt preflight script could be attacker controlled
Salt preflight script could be attacker controlled
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
OSV
Salt preflight script could be attacker controlled
osv·2024-11-14
CVE-2023-34049 [MEDIUM] Salt preflight script could be attacker controlled
Salt preflight script could be attacker controlled
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
OSV
CVE-2023-34049: The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script
osv·2024-11-14·CVSS 6.7
CVE-2023-34049 [MEDIUM] CVE-2023-34049: The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-14
Published