GHSA-r546-h3ff-q585

Source
https://github.com/advisories/GHSA-r546-h3ff-q585
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-r546-h3ff-q585
Aliases
  • CVE-2025-22238
Published
2025-06-13T09:30:33Z
Modified
2025-06-13T22:12:20.989075Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Summary
Salt vulnerable to directory traversal attack in minion file cache creation
Details

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

Database specific
{
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed_at": "2025-06-13T21:20:12Z",
    "nvd_published_at": "2025-06-13T07:15:21Z",
    "severity": "MODERATE",
    "github_reviewed": true
}
References

Affected packages

PyPI / salt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3006.0rc1
Fixed
3006.12

Affected versions

3006.*
3006.0rc1
3006.0rc2
3006.0rc3
3006.0
3006.1
3006.2
3006.3
3006.4
3006.5
3006.6
3006.7
3006.8
3006.9
3006.10
3006.11

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json"

PyPI / salt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3007.0rc1
Fixed
3007.4

Affected versions

3007.*
3007.0rc1
3007.0
3007.1
3007.2
3007.3

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r546-h3ff-q585/GHSA-r546-h3ff-q585.json"