Exposure of Resource to Wrong Sphere in salt
High severity
GitHub Reviewed
Published
Nov 21, 2021
to the GitHub Advisory Database
•
Updated Dec 21, 2023
Description
Published by the National Vulnerability Database
Sep 8, 2021
Published to the GitHub Advisory Database
Nov 21, 2021
Reviewed
Jul 5, 2022
Last updated
Dec 21, 2023
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
References