CVE-2024-38824
published 2025-06-13CVE-2024-38824: Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | >= 3006.0 < 3006.12 | 3006.12 |
| saltstack | salt | >= 3006.0rc1 < 3006.12 | 3006.12 |
| saltstack | salt | >= 3007.0 < 3007.4 | 3007.4 |
| saltstack | salt | >= 3007.0rc1 < 3007.4 | 3007.4 |
| vmware | salt | >= 3006.x < 3006.12 | 3006.12 |
| vmware | salt | >= 3007.x < 3007.4 | 3007.4 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH