Описание
Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | needs-triage | |
| jammy | needs-triage | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| questing | DNE |
Показывать по
EPSS
6.3 Medium
CVSS3
Связанные уязвимости
Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.
Arbitrary directory creation or file deletion. In the find_file method ...
Salt allows arbitrary directory creation or file deletion
Уязвимость метода find_file системы управления конфигурациями и удалённого выполнения операций Salt, позволяющая нарушителю манипулировать структурами данных
EPSS
6.3 Medium
CVSS3