#VU15544 Path traversal in Salt - CVE-2018-15750

Cybersecurity Help s.r.o.

Published: 2018-10-25 | Updated: 2018-10-26

Vulnerability identifier: #VU15544

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-15750

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Salt
Web applications / Remote management & hosting panels

Vendor: SaltStack

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input processed by the salt-api component. A remote attacker can send a query request that submits malicious input, conduct directory traversal attack and determine what files exist on the system, and this information can be used to conduct further attacks.

Mitigation
The vulnerability has been addressed in the versions 2017.7.8, 2018.3.3.

Vulnerable software versions

Salt: 2017.7.0 - 2017.7.7, 2018.3.0 - 2018.3.2

External links
https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC VxRail Appliance

SUSE update for salt

OpenSUSE Linux update for salt

Path traversal in salt (Alpine package)

Multiple vulnerabilities in SaltStack Salt