VulnerableCode Vulnerability Details - VCID-2db5-ek61-2bdx

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-2db5-ek61-2bdx

Essentials
Severities (2)
References (16)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2db5-ek61-2bdx
Aliases	CVE-2018-15750 GHSA-jx34-pppm-gjvr PYSEC-2018-29
Summary	Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00912	https://api.first.org/data/v1/epss?cve=CVE-2018-15750
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-jx34-pppm-gjvr

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
		https://api.first.org/data/v1/epss?cve=CVE-2018-15750
		https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
		https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
		https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2018-29.yaml
		https://github.com/saltstack/salt
		https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2016.11.10.rst#L15
		https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2017.7.8.rst#L28
		https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2018.3.3.rst#L58
		https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ
		https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ
		https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html
		https://usn.ubuntu.com/4459-1
		https://usn.ubuntu.com/4459-1/
CVE-2018-15750		https://nvd.nist.gov/vuln/detail/CVE-2018-15750
GHSA-jx34-pppm-gjvr		https://github.com/advisories/GHSA-jx34-pppm-gjvr

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.76196
EPSS Score	0.00912
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T20:18:00.438867+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2018-29.yaml	38.6.0