"CVE-2024-22231
Description: Syndic cache directory creation is vulnerable to a directory traversal attack.
Impact: An arbitrary directory can be created on a Salt master."

"CVE-2024-22232
Description: A specially crafted url can be created which leads to a directory traversal in the salt file server.
Impact: An arbitrary file can be read from a Salt master’s filesystem."

Please cleanup <3005.5 and <3006.6.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=287c89a2f81a4c96109fce9a1d9172223043bd55

commit 287c89a2f81a4c96109fce9a1d9172223043bd55
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-12-07 11:25:36 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-12-07 11:25:59 +0000

    [ GLSA 202412-09 ] Salt: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/916512
    Bug: https://bugs.gentoo.org/925021
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202412-09.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)