VulnerableCode Package Details - pkg:ebuild/app-admin/salt@3006.6

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-32tp-s4fd-v7h2	Path traversal in saltstack A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.	CVE-2024-22232 GHSA-2qw3-2wv6-p64x
VCID-ce2x-ehyk-nufk	Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.	CVE-2023-20898 GHSA-qvh6-3j7x-3hq7 PYSEC-2023-169
VCID-nehw-r7zm-j7bb	Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.	CVE-2023-20897 GHSA-vpjg-wmf8-29h9 PYSEC-2023-166
VCID-qr6n-rx38-6fd2	Directory creation by malicious user in saltstack Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.	CVE-2024-22231 GHSA-q27c-j6j9-53w3
VCID-rnh5-7394-dfea	Salt preflight script could be attacker controlled The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.	CVE-2023-34049 GHSA-4277-m35q-7c9w

Vulnerability

Summary

Aliases

VCID-32tp-s4fd-v7h2

Path traversal in saltstack A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem.

CVE-2024-22232
GHSA-2qw3-2wv6-p64x

VCID-ce2x-ehyk-nufk

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.

CVE-2023-20898
GHSA-qvh6-3j7x-3hq7
PYSEC-2023-169

VCID-nehw-r7zm-j7bb

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

CVE-2023-20897
GHSA-vpjg-wmf8-29h9
PYSEC-2023-166

VCID-qr6n-rx38-6fd2

Directory creation by malicious user in saltstack Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.

CVE-2024-22231
GHSA-q27c-j6j9-53w3

VCID-rnh5-7394-dfea

Salt preflight script could be attacker controlled The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.

CVE-2023-34049
GHSA-4277-m35q-7c9w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T19:10:30.081914+00:00	Gentoo Importer	Fixing	VCID-32tp-s4fd-v7h2	https://security.gentoo.org/glsa/202412-09	38.6.0
2026-06-04T19:10:30.065373+00:00	Gentoo Importer	Fixing	VCID-qr6n-rx38-6fd2	https://security.gentoo.org/glsa/202412-09	38.6.0
2026-06-04T19:10:30.049770+00:00	Gentoo Importer	Fixing	VCID-rnh5-7394-dfea	https://security.gentoo.org/glsa/202412-09	38.6.0
2026-06-04T19:10:30.034185+00:00	Gentoo Importer	Fixing	VCID-ce2x-ehyk-nufk	https://security.gentoo.org/glsa/202412-09	38.6.0
2026-06-04T19:10:30.018340+00:00	Gentoo Importer	Fixing	VCID-nehw-r7zm-j7bb	https://security.gentoo.org/glsa/202412-09	38.6.0