Open Redirect Affecting salt package, versions <3006.0-150200.101.2


Severity

Recommended
0.0
low
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.11% (45th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Open Redirect vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-SLES152-SALT-5817119
  • published3 Aug 2023
  • disclosed2 Aug 2023

Introduced: 2 Aug 2023

CVE-2023-28370  (opens in a new tab)
CWE-601  (opens in a new tab)

How to fix?

Upgrade SLES:15.2 salt to version 3006.0-150200.101.2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream salt package and not the salt package as distributed by SLES. See How to fix? for SLES:15.2 relevant fixed versions and status.

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.

CVSS Scores

version 3.1