Open Redirect Affecting salt-bash-completion package, versions <3006.0-150200.101.2


Severity

Recommended
medium

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
1.13% (63rd percentile)

  • Snyk ID: SNYK-SLES152-SALTBASHCOMPLETION-5817093
  • Published: 3 Aug 2023
  • Disclosed: 2 Aug 2023

Introduced: 2 Aug 2023

CVE-2023-28370
CWE-601

How to fix?

Upgrade SLES:15.2 salt-bash-completion to version 3006.0-150200.101.2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream salt-bash-completion package and not the salt-bash-completion package as distributed by SLES. See "How to fix?" for the relevant SLES:15.2 fixed versions and status.

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.

CVSS Base Scores

version 3.1