The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. https://saltproject.io/security-announcements/2023-10-27-advisory/index.html
Created salt tracking bugs for this issue: Affects: fedora-all [bug 2246982]