An issue exists in SaltStack Salt prior to 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
saltstack salt |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |