Saltproject IO

Salt security advisory release - 2024-JAN-31

The Salt Project released a security update to Salt to address 2 vulnerabilities with severity rating of High and Medium. We recommend prioritizing this update. This is a security advisory release. This release includes fixing the following vulnerability:

CVE Details

CVE-2024-22231

  • Description: Syndic cache directory creation is vulnerable to a directory traversal attack.
  • Impact: An arbitrary directory can be created on a Salt master.
  • Solution: Validate directory creation path.
  • How to Mitigate: Upgrade Salt masters to 3005.5 or 3006.6
  • Attribution: Yudi Zhao (Huawei Nebula Security Lab), Chenwei Jiang (Huawei Nebula Security Lab)
  • Severity Rating: 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CVE-2024-22232

  • Description: A specially crafted url can be created which leads to a directory traversal in the salt file server.
  • Impact: An arbitrary file can be read from a Salt master’s filesystem.
  • Solution: Validate file paths after url translation is performed. There has also been extra validation added to file roots file_find and serve_file methods.
  • How to Mitigate: Upgrade Salt masters to 3005.5 or 3006.6
  • Attribution: Yudi Zhao (Huawei Nebula Security Lab), Chenwei Jiang (Huawei Nebula Security Lab)
  • Severity Rating: 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Packages

Updated packages for the versions below can be found at https://repo.saltproject.io for these supported versions of Salt.

  • 3005.5
  • 3006.6
Security Announcement CVE Release