Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Salt security advisory release - 2023-OCT-27
Vulnerability Description
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Salt 安全漏洞
Vulnerability Description
Salt是Salt项目的一个自动化、基础设施管理、数据驱动编排和远程执行应用程序。 Salt存在安全漏洞,该漏洞源于Salt-SSH预检选项会将脚本复制到目标的可预测路径,这允许攻击者强制Salt-SSH运行其脚本。
CVSS Information
N/A
Vulnerability Type
N/A