Published: 24/10/2018 Updated: 20/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Directory Traversal vulnerability in salt-api in SaltStack Salt prior to 2017.7.8 and 2018.3.x prior to 2018.3.3 allows remote malicious users to determine which files exist on the server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
saltstack salt

Debian Bug report logs - #913475 salt: CVE-2018-15751: remote authentication bypass in salt-api(netapi) allows to execute arbitrary commands Package: src:salt; Maintainer for src:salt is Debian Salt Team <pkg-salt-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 11 Nov 20 ...

Directory Traversal vulnerability in salt-api in SaltStack Salt before 201778 and 20183x before 201833 allows remote attackers to determine which files exist on the server ...

CWE-22 https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html https://usn.ubuntu.com/4459-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913475 https://nvd.nist.gov

CVE-2018-15750

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect