[3.8] salt: Multiple vulnerabilities (CVE-2018-15750, CVE-2018-15751)
CVE-2018-15750: Directory Traversal vulnerability in salt-api in
SaltStack Salt before 2017.7.8 and 2018.3.x
before 2018.3.3 allows remote attackers to determine which files exist
on the server.
Fixed In Version:
salt 2017.7.8, salt 2018.3.3
References:
https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15750
CVE-2018-15751: SaltStack Salt before 2017.7.8 and 2018.3.x before
2018.3.3 allow remote attackers to bypass
authentication and execute arbitrary commands via salt-api(netapi).
Fixed In Version:
salt 2017.7.8, salt 2018.3.3
References:
https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15751
(from redmine: issue id 9672, created on 2018-11-21, closed on 2018-11-28)
- Changesets:
- Revision df12aa92 by Natanael Copa on 2018-11-27T15:37:42Z:
community/salt: security upgrade to 2018.3.3 (CVE-2018-15750,CVE-2018-15751)
fixes #9672