SaltStack Directory Traversal Vulnerability in File Cache Creation

Vulnerability

A directory traversal vulnerability has been identified in SaltStack's file cache creation process for minions. This issue allows for writing or overwriting cache files outside of the designated cache directory. The vulnerability arises from the master's default cache configuration, which is susceptible to directory traversal attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized writing or overwriting of cache files in locations outside the intended cache directory, potentially disrupting normal operations or causing data loss.

Added: Jun 13, 2025, 7:35 AM

Updated: Jun 13, 2025, 7:35 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SaltStack Directory Traversal Vulnerability in File Cache Creation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating