CVE Published: 27/06/2024 |
CVE Updated: 05/11/2024 |
CVE Year: 2024 Source: vmware |
Vendor: VMware |
Product: Salt Project Status : PUBLISHED
CVE-2024-22232 Description
A specially crafted url can be created which leads to a directory traversal in the salt file server.
A malicious user can read an arbitrary file from a Salt master’s filesystem.
Metrics
CVSS Version: 3.1 |
Base Score: 7.7 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N