A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem. https://saltproject.io/security-announcements/2024-01-31-advisory/
Created salt tracking bugs for this issue: Affects: fedora-all [bug 2294661]
This would affect EPEL but does not affect Fedora.