salt 3005rc1 vulnerabilities

Known vulnerabilities in the salt package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Directory Traversal salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Directory Traversal via the `find_file` function in the GitFS class, where a path is constructed using unvalidated input from the `tgt_env` variable. An attacker can create arbitrary directories or delete files that the Master's process has permissions to by supplying crafted input. How to fix Directory Traversal? Upgrade `salt` to version 3006.12, 3007.4 or higher.	[,3006.12)[3007.0rc1,3007.4)
M Improper Certificate Validation salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Improper Certificate Validation via the `VirtKey` process when on-demand pillar data is requested and unvalidated input is used to construct paths to the pki directory. An attacker can overwrite file contents and potentially auto-accept Minion authentication keys by placing a crafted authorization file at a specific location. Note: This is only exploitable if the default configuration is used, which enables this functionality. How to fix Improper Certificate Validation? Upgrade `salt` to version 3006.12, 3007.4 or higher.	[,3006.12)[3007.0rc1,3007.4)
M Directory Traversal salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Directory Traversal via the `minion file cache creation` process. An attacker can write or overwrite files outside of the intended cache directory by supplying crafted input that exploits path traversal. How to fix Directory Traversal? Upgrade `salt` to version 3006.12, 3007.4 or higher.	[,3006.12)[3007.0rc1,3007.4)
M Incorrect Permission Assignment for Critical Resource salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the `_minion_event` method. An attacker can inject unauthorized events onto the master's event bus by sending crafted requests from an authorized minion. How to fix Incorrect Permission Assignment for Critical Resource? Upgrade `salt` to version 3006.12, 3007.4 or higher.	[,3006.12)[3007.0rc1,3007.4)
M Improper Certificate Validation salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Improper Certificate Validation due to improper authentication in the `salt.auth.pki` module. An attacker can gain unauthorized access by providing only a public certificate in the `password` field, which is accepted without requiring the corresponding private key. How to fix Improper Certificate Validation? A fix was pushed into the `master` branch but not yet published.	[0,)
M Improper Validation of Specified Type of Input salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the `pub_ret` method due to unsanitized input in the `jid` parameter used to construct file paths. An attacker can cause the worker process to become unresponsive or crash by supplying a crafted value that targets a special file, such as a pipe node in the proc file system, resulting in a denial of service. How to fix Improper Validation of Specified Type of Input? Upgrade `salt` to version 3006.12, 3007.4 or higher.	[,3006.12)[3007.0rc1,3007.4)
M Replay Attack salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Replay Attack via the `request server` process when a TLS encrypted transport is not used. An attacker can replay previously captured requests by intercepting and resending them over an unencrypted channel. How to fix Replay Attack? Upgrade `salt` to version 3006.12, 3007.4 or higher.	[,3006.12)[3007.0rc1,3007.4)
M Improper Certificate Validation salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Improper Certificate Validation due to the skipping of minion token validation in multiple methods. An attacker can impersonate another minion by sending crafted requests to the master. How to fix Improper Certificate Validation? Upgrade `salt` to version 3006.12, 3007.4 or higher.	[,3006.12)[3007.0rc1,3007.4)
H Arbitrary Command Injection salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Arbitrary Command Injection via the `on demand` pillar process when a specially crafted git URL is provided. An attacker can execute arbitrary commands on the master with the same privileges as the master process by exploiting access to a minion key. How to fix Arbitrary Command Injection? Upgrade `salt` to version 3006.12, 3007.4 or higher.	[,3006.12)[3007.0rc1,3007.4)
M Directory Traversal salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Directory Traversal via the `recv_file` function. An attacker can write arbitrary files to the master cache directory by sending crafted requests. How to fix Directory Traversal? Upgrade `salt` to version 3006.12, 3007.4 or higher.	[,3006.12)[3007.0rc1,3007.4)
H Directory Traversal salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Directory Traversal via the `serve_file` method, due to insufficient checks in the `salt/fileserver/roots.py` file. How to fix Directory Traversal? Upgrade `salt` to version 3005.5 or higher.	[,3005.5)
H Directory Traversal salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Directory Traversal when establishing the syndic cache directory on the master. How to fix Directory Traversal? Upgrade `salt` to version 3005.5 or higher.	[,3005.5)
M Improper Access Control salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Improper Access Control. The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. How to fix Improper Access Control? Upgrade `salt` to version 3005.4, 3006.4 or higher.	[,3005.4)[3006.0rc1,3006.4)
M Information Exposure salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Information Exposure and other possible impacts, due to a hash collision when using Git Providers reading from different environments. If Git Providers read from the wrong environment because they get the same cache directory base name, they could get bad data or unintended data. This could also lead to wrongful executions, data corruption or a crash. How to fix Information Exposure? Upgrade `salt` to version 3005.2, 3006.2 or higher.	[,3005.2)[3006.0rc1,3006.2)
H Denial of Service (DoS) salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Denial of Service (DoS) in the error message decoding mechanism in minion return. If the request server receives a number of requests equal to the number of worker threads, the master will become unresponsive to return requests until it is restarted. How to fix Denial of Service (DoS)? Upgrade `salt` to version 3005.2, 3006.2 or higher.	[,3005.2)[3006.0rc1,3006.2)
H Buffer Overflow salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable to Buffer Overflow via the `status` function. How to fix Buffer Overflow? There is no fixed version for `salt`.	[0,)

Vulnerability

Vulnerable Version

Directory Traversal

salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more.

Affected versions of this package are vulnerable to Directory Traversal via the find_file function in the GitFS class, where a path is constructed using unvalidated input from the tgt_env variable. An attacker can create arbitrary directories or delete files that the Master's process has permissions to by supplying crafted input.

How to fix Directory Traversal?

Upgrade salt to version 3006.12, 3007.4 or higher.

[,3006.12)[3007.0rc1,3007.4)

Improper Certificate Validation

Affected versions of this package are vulnerable to Improper Certificate Validation via the VirtKey process when on-demand pillar data is requested and unvalidated input is used to construct paths to the pki directory. An attacker can overwrite file contents and potentially auto-accept Minion authentication keys by placing a crafted authorization file at a specific location.

Note:

This is only exploitable if the default configuration is used, which enables this functionality.

How to fix Improper Certificate Validation?

Upgrade salt to version 3006.12, 3007.4 or higher.

[,3006.12)[3007.0rc1,3007.4)

Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via the minion file cache creation process. An attacker can write or overwrite files outside of the intended cache directory by supplying crafted input that exploits path traversal.

How to fix Directory Traversal?

Upgrade salt to version 3006.12, 3007.4 or higher.

[,3006.12)[3007.0rc1,3007.4)

Incorrect Permission Assignment for Critical Resource

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the _minion_event method. An attacker can inject unauthorized events onto the master's event bus by sending crafted requests from an authorized minion.

How to fix Incorrect Permission Assignment for Critical Resource?

Upgrade salt to version 3006.12, 3007.4 or higher.

[,3006.12)[3007.0rc1,3007.4)

Improper Certificate Validation

Affected versions of this package are vulnerable to Improper Certificate Validation due to improper authentication in the salt.auth.pki module. An attacker can gain unauthorized access by providing only a public certificate in the password field, which is accepted without requiring the corresponding private key.

How to fix Improper Certificate Validation?

A fix was pushed into the master branch but not yet published.

[0,)

Improper Validation of Specified Type of Input

Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the pub_ret method due to unsanitized input in the jid parameter used to construct file paths. An attacker can cause the worker process to become unresponsive or crash by supplying a crafted value that targets a special file, such as a pipe node in the proc file system, resulting in a denial of service.

How to fix Improper Validation of Specified Type of Input?

Upgrade salt to version 3006.12, 3007.4 or higher.

[,3006.12)[3007.0rc1,3007.4)

Replay Attack

Affected versions of this package are vulnerable to Replay Attack via the request server process when a TLS encrypted transport is not used. An attacker can replay previously captured requests by intercepting and resending them over an unencrypted channel.

How to fix Replay Attack?

Upgrade salt to version 3006.12, 3007.4 or higher.

[,3006.12)[3007.0rc1,3007.4)

Improper Certificate Validation

Affected versions of this package are vulnerable to Improper Certificate Validation due to the skipping of minion token validation in multiple methods. An attacker can impersonate another minion by sending crafted requests to the master.

How to fix Improper Certificate Validation?

Upgrade salt to version 3006.12, 3007.4 or higher.

[,3006.12)[3007.0rc1,3007.4)

Arbitrary Command Injection

Affected versions of this package are vulnerable to Arbitrary Command Injection via the on demand pillar process when a specially crafted git URL is provided. An attacker can execute arbitrary commands on the master with the same privileges as the master process by exploiting access to a minion key.

How to fix Arbitrary Command Injection?

Upgrade salt to version 3006.12, 3007.4 or higher.

[,3006.12)[3007.0rc1,3007.4)

Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via the recv_file function. An attacker can write arbitrary files to the master cache directory by sending crafted requests.

How to fix Directory Traversal?

Upgrade salt to version 3006.12, 3007.4 or higher.

[,3006.12)[3007.0rc1,3007.4)

Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via the serve_file method, due to insufficient checks in the salt/fileserver/roots.py file.

How to fix Directory Traversal?

Upgrade salt to version 3005.5 or higher.

[,3005.5)

Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal when establishing the syndic cache directory on the master.

How to fix Directory Traversal?

Upgrade salt to version 3005.5 or higher.

[,3005.5)

Improper Access Control

Affected versions of this package are vulnerable to Improper Access Control. The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.

How to fix Improper Access Control?

Upgrade salt to version 3005.4, 3006.4 or higher.

[,3005.4)[3006.0rc1,3006.4)

Information Exposure

Affected versions of this package are vulnerable to Information Exposure and other possible impacts, due to a hash collision when using Git Providers reading from different environments. If Git Providers read from the wrong environment because they get the same cache directory base name, they could get bad data or unintended data. This could also lead to wrongful executions, data corruption or a crash.

How to fix Information Exposure?

Upgrade salt to version 3005.2, 3006.2 or higher.

[,3005.2)[3006.0rc1,3006.2)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) in the error message decoding mechanism in minion return. If the request server receives a number of requests equal to the number of worker threads, the master will become unresponsive to return requests until it is restarted.

How to fix Denial of Service (DoS)?

Upgrade salt to version 3005.2, 3006.2 or higher.

[,3005.2)[3006.0rc1,3006.2)

Buffer Overflow

Affected versions of this package are vulnerable to Buffer Overflow via the status function.

How to fix Buffer Overflow?

There is no fixed version for salt.

[0,)

salt@3005rc1 vulnerabilities

Portable, distributed, remote execution and configuration management system

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?