Описание
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | needs-triage | |
| jammy | needs-triage | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| questing | DNE |
Показывать по
EPSS
5.6 Medium
CVSS3
Связанные уязвимости
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.
File contents overwrite the VirtKey class is called when \u201con-dema ...
Уязвимость функции VirtKey системы управления конфигурациями и удалённого выполнения операций Salt, позволяющая нарушителю обойти установленные ограничения безопасности
EPSS
5.6 Medium
CVSS3