CVE-2024-38824

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-38824

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38824.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-38824

Aliases

GHSA-8pcp-r83j-fc92

Downstream

SUSE-SU-2025:02476-1

SUSE-SU-2025:02491-1

SUSE-SU-2025:02492-1

SUSE-SU-2025:02499-1

SUSE-SU-2025:02500-1

SUSE-SU-2025:02501-1

SUSE-SU-2025:02502-1

SUSE-SU-2025:02534-1

SUSE-SU-2025:20487-1

SUSE-SU-2025:20504-1

UBUNTU-CVE-2024-38824

openSUSE-SU-2025:15295-1

Related

Published

2025-06-13T08:15:18.800Z

Modified

2026-03-23T05:13:14.526379074Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type

GIT

Repo

https://github.com/saltstack/salt

Events

Introduced

86bb64dde27281d545ef46e1a42471a90c494197

Fixed

1245edf4005768674f1e893cd3939de66bb8a731

Introduced

31c9d0df191009207c72ea73abfd3a1e3a0e6425

Fixed

619f4e26e71b3cbef89c115f37a2a976eb567264

Database specific

{
    "versions": [
        {
            "introduced": "3006.0"
        },
        {
            "fixed": "3006.12"
        },
        {
            "introduced": "3007.0"
        },
        {
            "fixed": "3007.4"
        }
    ]
}

Affected versions

v3005.*

v3005.1-2

v3005.1-3

v3005.1-4

v3005.2

v3005.3

v3005.4

v3005.5

v3006.*

v3006.0

v3006.1

v3006.10

v3006.11

v3006.2

v3006.3

v3006.3_docs

v3006.4

v3006.5

v3006.6

v3006.7

v3006.8

v3006.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38824.json"