| Summary: | <app-admin/salt-{3005.5,3006.6}: multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | ||
| Severity: | minor | CC: | chutzpah |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://saltproject.io/security-announcements/2024-01-31-advisory/ | ||
| Whiteboard: | B4 [glsa?] | ||
| Package list: | Runtime testing required: | --- | |
"CVE-2024-22231 Description: Syndic cache directory creation is vulnerable to a directory traversal attack. Impact: An arbitrary directory can be created on a Salt master. " "CVE-2024-22232 Description: A specially crafted url can be created which leads to a directory traversal in the salt file server. Impact: An arbitrary file can be read from a Salt master’s filesystem." Please cleanup <3005.5 and <3006.6.