Количество 10
Количество 10
CVE-2023-34049
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
CVE-2023-34049
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
CVE-2023-34049
The Salt-SSH pre-flight option copies the script to the target at a pr ...
SUSE-SU-2023:4390-1
Security update for salt
SUSE-SU-2023:4389-1
Security update for salt
SUSE-SU-2023:4388-1
Security update for salt
SUSE-SU-2023:4387-1
Security update for salt
SUSE-SU-2023:4386-1
Security update for salt
GHSA-4277-m35q-7c9w
Salt preflight script could be attacker controlled
ROS-20240412-04
Множественные уязвимости salt
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-34049 The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails. | CVSS3: 6.7 | 0% Низкий | 7 месяцев назад |
 | CVE-2023-34049 The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails. | CVSS3: 6.7 | 0% Низкий | 7 месяцев назад |
| CVE-2023-34049 The Salt-SSH pre-flight option copies the script to the target at a pr ... | CVSS3: 6.7 | 0% Низкий | 7 месяцев назад |
 | SUSE-SU-2023:4390-1 Security update for salt | 0% Низкий | больше 1 года назад | |
| SUSE-SU-2023:4389-1 Security update for salt | 0% Низкий | больше 1 года назад | |
| SUSE-SU-2023:4388-1 Security update for salt | 0% Низкий | больше 1 года назад | |
| SUSE-SU-2023:4387-1 Security update for salt | 0% Низкий | больше 1 года назад | |
| SUSE-SU-2023:4386-1 Security update for salt | 0% Низкий | больше 1 года назад | |
| GHSA-4277-m35q-7c9w Salt preflight script could be attacker controlled | CVSS3: 6.7 | 0% Низкий | 7 месяцев назад |
 | ROS-20240412-04 Множественные уязвимости salt | CVSS3: 8.1 | около 1 года назад |
Уязвимостей на страницу