Project

General

Profile

Bug #9672

[3.8] salt: Multiple vulnerabilities (CVE-2018-15750, CVE-2018-15751)

Added by Alicha CH 2 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
11/21/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:
CVE-2018-15750, CVE-2018-15751

Description

CVE-2018-15750: Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x
before 2018.3.3 allows remote attackers to determine which files exist on the server.

Fixed In Version:

salt 2017.7.8, salt 2018.3.3

References:

https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15750

CVE-2018-15751: SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass
authentication and execute arbitrary commands via salt-api(netapi).

Fixed In Version:

salt 2017.7.8, salt 2018.3.3

References:

https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15751

Associated revisions

Revision df12aa92 (diff)
Added by Natanael Copa about 2 months ago

community/salt: security upgrade to 2018.3.3 (CVE-2018-15750,CVE-2018-15751)

fixes #9672

History

#1 Updated by Natanael Copa about 2 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH about 2 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF