GHSA-6grp-75pq-c8cj

Source

https://github.com/advisories/GHSA-6grp-75pq-c8cj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6grp-75pq-c8cj/GHSA-6grp-75pq-c8cj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6grp-75pq-c8cj

Aliases

CVE-2015-1839
PYSEC-2017-30

Published

2022-05-17T02:49:26Z

Modified

2024-12-01T05:27:55.469060Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

SaltStack has insecure /tmp file handling in salt/modules/chef.py

Details

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

Database specific

{
    "nvd_published_at": "2017-04-13T14:59:00Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [],
    "github_reviewed_at": "2024-04-30T08:35:10Z"
}

References

Affected packages

PyPI / salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2014.7.4

Affected versions

0.*

0.8.7

0.8.9

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

0.9.9.1

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.11.0

0.11.1

0.12.0

0.12.1

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.15.0

0.15.1

0.15.2

0.15.3

0.15.90

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.17.0rc1

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

2014.*

2014.1.0rc1

2014.1.0rc2

2014.1.0rc3

2014.1.0

2014.1.1

2014.1.2

2014.1.3

2014.1.4

2014.1.5

2014.1.6

2014.1.7

2014.1.8

2014.1.9

2014.1.10

2014.1.11

2014.1.12

2014.1.13

2014.7.0rc1

2014.7.0rc2

2014.7.0rc3

2014.7.0rc4

2014.7.0rc5

2014.7.0rc6

2014.7.0rc7

2014.7.0

2014.7.1

2014.7.2

2014.7.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6grp-75pq-c8cj/GHSA-6grp-75pq-c8cj.json"