Bug 2294660 (CVE-2024-22232) - CVE-2024-22232 salt: Directory traversal in the salt file server
Summary: CVE-2024-22232 salt: Directory traversal in the salt file server
Keywords:
Status: NEW
Alias: CVE-2024-22232
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2294661
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-06-28 00:09 UTC by Pedro Sampaio
Modified: 2025-01-04 18:23 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Pedro Sampaio 2024-06-28 00:09:28 UTC
A specially crafted url can be created which leads to a directory traversal in the salt file server.
A malicious user can read an arbitrary file from a Salt master’s filesystem.

https://saltproject.io/security-announcements/2024-01-31-advisory/

Comment 1 Pedro Sampaio 2024-06-28 00:09:41 UTC
Created salt tracking bugs for this issue:

Affects: fedora-all [bug 2294661]

Comment 2 Jonathan Steffan 2025-01-04 18:23:24 UTC
This would affect EPEL but does not affect Fedora.


Note You need to log in before you can comment on or make changes to this bug.