Salt Project Directory Traversal Vulnerability in Master Cache Directory
Vulnerability
A directory traversal vulnerability has been identified in the Salt Project, specifically in version 3006.12 of the software. This vulnerability allows arbitrary files to be written to the master cache directory. The issue arises in the 'recv_file' method, where improper validation of file paths can be exploited to traverse directories and manipulate files outside of the intended directory structure.
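The kind of path containment check a file-receiving handler needs before it writes into a cache directory, shown as an added example that is not Salt's code and not part of the original advisory. The names resolve_in_cache, store_upload and sender_id are hypothetical, and the sample paths are constructed.

```python
import os
import tempfile


class UnsafePathError(ValueError):
    """Raised when a destination would land outside the cache directory."""


def resolve_in_cache(cache_root, sender_id, rel_path):
    """Map a sender-supplied relative path to a location under cache_root.

    Hypothetical helper for illustration; this is not Salt's recv_file code.
    """
    # The sender id becomes a directory name, so it must be a single component.
    if sender_id in ("", ".", "..") or any(c in sender_id for c in "/\\\0"):
        raise UnsafePathError(f"bad sender id: {sender_id!r}")
    if "\0" in rel_path or os.path.isabs(rel_path):
        raise UnsafePathError(f"bad path: {rel_path!r}")
    base = os.path.realpath(os.path.join(cache_root, sender_id))
    # realpath collapses ".." and follows symlinks that already exist on disk.
    dest = os.path.realpath(os.path.join(base, rel_path))
    # commonpath compares whole components, so a sibling such as
    # "<root>/sender1-evil" is not mistaken for being inside "<root>/sender1".
    if dest == base or os.path.commonpath([base, dest]) != base:
        raise UnsafePathError(f"escapes cache directory: {rel_path!r}")
    return dest


def store_upload(cache_root, sender_id, rel_path, data):
    """Write data only after the destination has been validated."""
    dest = resolve_in_cache(cache_root, sender_id, rel_path)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def demo():
    """Run constructed sample paths and return the ones that were rejected."""
    rejected = []
    with tempfile.TemporaryDirectory() as root:
        for rel in ("files/etc/hosts", "../other/x", "a/../../x", "/etc/x"):
            try:
                store_upload(root, "sender1", rel, b"data")
            except UnsafePathError:
                rejected.append(rel)
    return rejected
```

The check resolves symlinks as they exist at validation time, so it does not cover a directory that is replaced between the check and the write.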
Impact
Exploitation of this vulnerability could lead to unauthorized file writes in the master cache directory, potentially allowing for manipulation of cached data or execution of malicious payloads.
Remediation
Users can upgrade to Salt version 3007.4, which addresses this vulnerability.
