Описание
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
A flaw was found in Salt. A privilege escalation is possible on a SaltStack minion when an unprivileged user can create files in any non-blacklisted directory via command injection in a process name. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
Salt has been deprecated as of Red Hat Ceph Storage 2.5, as Salt was used to install RHSCON-2 and RHSCON-2 has reached End Of Life.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | salt | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
An issue was discovered in SaltStack Salt before 3002.5. The minion's ...
SaltStack Salt command injection via a crafted process name
Уязвимость системы управления конфигурациями и удалённого выполнения операций SaltStack Salt, позволяющая нарушителю локально повысить привилегии.
EPSS
7 High
CVSS3