An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "salt-api", "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2" }, { "binary_name": "salt-cloud", "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2" }, { "binary_name": "salt-common", "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2" }, { "binary_name": "salt-doc", "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2" }, { "binary_name": "salt-master", "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2" }, { "binary_name": "salt-minion", "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2" }, { "binary_name": "salt-proxy", "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2" }, { "binary_name": "salt-ssh", "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2" }, { "binary_name": "salt-syndic", "binary_version": "2015.8.8+ds-1ubuntu0.1+esm2" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "salt-api", "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1" }, { "binary_name": "salt-cloud", "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1" }, { "binary_name": "salt-common", "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1" }, { "binary_name": "salt-doc", "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1" }, { "binary_name": "salt-master", "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1" }, { "binary_name": "salt-minion", "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1" }, { "binary_name": "salt-proxy", "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1" }, { "binary_name": "salt-ssh", "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1" }, { "binary_name": "salt-syndic", "binary_version": "2017.7.4+dfsg1-1ubuntu18.04.2+esm1" } ] }