cbcvebase.
CVE-2023-34049
published 2024-11-14

Priority: P4, 30, medium
CVSS 3.1: 6.7 (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS: 0.19% (8.5th percentile)

The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.

Affected

4 ranges
Vendor      Product   Version range           Fixed in
salt        salt      >= 3004 < 3006.4        3006.4
salt        salt      >= 3005 < 3005.4        3005.4
saltstack   salt      >= 0 < 3005.4           3005.4
saltstack   salt      >= 3006.0rc1 < 3006.4   3006.4

CVSS provenance

nvd: v3.1, 6.7 MEDIUM, CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
osv: 6.7 MEDIUM