CVE-2025-22238
MEDIUM4.2EPSS 0.34%Salt vulnerable to directory traversal attack in minion file cache creation
發布日:2025/6/13修改日:2025/6/13
描述
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.
受影響套件(1)
- PyPI/salt>= 3006.0rc1, < 3006.12
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-22238
- PATCHhttps://github.com/saltstack/salt
- WEBhttps://docs.saltproject.io/en/3006/topics/releases/3006.12.html
- WEBhttps://docs.saltproject.io/en/3007/topics/releases/3007.4.html
- WEBhttps://github.com/saltstack/salt/commit/4b30218edf1a979855ea191d72b30c89f4a5a582