GHSA-hcjf-rp5h-g5h3

Source
https://github.com/advisories/GHSA-hcjf-rp5h-g5h3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hcjf-rp5h-g5h3/GHSA-hcjf-rp5h-g5h3.json
Aliases
Published
2022-05-24T17:48:21Z
Modified
2024-02-16T08:09:20.783677Z
Details

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

References

Affected packages

PyPI / salt

Package

Name
salt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2016.11.0
Fixed
3003rc1

Affected versions

2016.*

2016.11.0
2016.11.1
2016.11.2
2016.11.3
2016.11.4
2016.11.5
2016.11.6
2016.11.7
2016.11.8
2016.11.9
2016.11.10

2017.*

2017.7.0rc1
2017.7.0
2017.7.1
2017.7.2
2017.7.3
2017.7.4
2017.7.5
2017.7.6
2017.7.7
2017.7.8

2018.*

2018.3.0rc1
2018.3.0
2018.3.1
2018.3.2
2018.3.3
2018.3.4
2018.3.5

2019.*

2019.2.0rc1
2019.2.0rc2
2019.2.0
2019.2.1
2019.2.2
2019.2.3
2019.2.4
2019.2.5
2019.2.6
2019.2.7
2019.2.8

3000.*

3000.0.0rc1
3000.0.0rc2
3000.1
3000.2
3000.3
3000.4
3000.5
3000.6
3000.7
3000.8
3000.9

Other

3000
3001rc1
3001
3002rc1
3002

3001.*

3001.1
3001.2
3001.3
3001.4
3001.5
3001.6
3001.7
3001.8

3002.*

3002.1
3002.2
3002.3
3002.4
3002.5
3002.6
3002.7
3002.8
3002.9

Database specific

{
    "last_known_affected_version_range": "<= 3002.6"
}