CVE-2014-3563 — SaltStack Salt Insecure Temporary File Creation

Description

Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

How to fix CVE-2014-3563

To remediate CVE-2014-3563, upgrade the affected package to a fixed version below.

PyPI/salt—upgrade to 2014.1.10 or later
PyPI/salt—upgrade to 2014.1.10 or later

Is CVE-2014-3563 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2014.1.10
from 0, < 2014.1.10

References (8)

ADVISORYgithub.com/advisories/GHSA-mfr3-9cj8-h2qm
ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-3563
PATCHgithub.com/saltstack/salt
WEBdocs.saltstack.com/en/latest/topics/releases/2014.1.10.html
WEB