CVE-2024-22232
Published 2024-06-27
Priority P3 · 47 · high · 7.7 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:C / C:H / I:N / A:N
EPSS: 0.83% (52.9th percentile)
A specially crafted URL can be created which leads to a directory traversal in the Salt file server.
A malicious user can read an arbitrary file from a Salt master’s filesystem.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | >= 0 < 3005.5 | 3005.5 |
| saltstack | salt | >= 3006.0 < 3006.6 | 3006.6 |
| vmware | salt_project | < 3005.5, 3006.6 | 3005.5, 3006.6 |
CVSS provenance
nvd · v3.1 · 7.7 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
osv · 7.7 HIGH
OSV
Path traversal in saltstack
osv·2024-06-27
CVE-2024-22232 [HIGH] Path traversal in saltstack
OSV
CVE-2024-22232: A specially crafted url can be created which leads to a directory traversal in the salt file server
osv·2024-06-27·CVSS 7.7
CVE-2024-22232 [HIGH] CVE-2024-22232: A specially crafted url can be created which leads to a directory traversal in the salt file server
GHSA
Path traversal in saltstack
ghsa·2024-06-27
CVE-2024-22232 [HIGH] CWE-22 Path traversal in saltstack
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-06-27
Published