Описание
Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.
EPSS
Процентиль: 4%
0.0002
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.3
ubuntu
3 месяца назад
Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.
CVSS3: 6.3
debian
3 месяца назад
Arbitrary directory creation or file deletion. In the find_file method ...
CVSS3: 6.3
github
3 месяца назад
Salt allows arbitrary directory creation or file deletion
EPSS
Процентиль: 4%
0.0002
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-22