Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server when querying /run or /events. Upstream Changelog: https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
Created heketi tracking bugs for this issue: Affects: fedora-all [bug 1644485] Created salt tracking bugs for this issue: Affects: epel-all [bug 1644487] Affects: fedora-all [bug 1644486]
Until release 1.9 of Kubernetes there where configuration files for installing Kubernetes via Saltstack included in the Kubernetes repository. However the only supported configuration management solution for OpenShift Container Platform 3.x is Ansible [2], therefore OpenShift Container Platform 3.x is not affected by this issue.