CVE-2023-20898

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-20898
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20898.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-20898
Aliases
Downstream
Related
Published
2023-09-05T11:15:33.300Z
Modified
2026-02-05T08:45:48.191561Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
86bb64dde27281d545ef46e1a42471a90c494197
Fixed
8f750fa7ae115c48c16ca03ef3f16e4ba76f921c
Fixed
c71ff9204ab5ae90b21b68cf3447be472a8db8f2

Affected versions

v3006.*
v3006.0
v3006.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20898.json"