CVE-2023-34049

14.11.2024, 05:15

The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
vmware	CNA	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 14%

Ubuntu Releases

Ubuntu Product

Codename

salt

oracular	dne
noble	dne
mantic	dne
lunar	dne
jammy	needs-triage
focal	dne
bionic	needs-triage
xenial	needs-triage
trusty	ignored

References

https://saltproject.io/security-announcements/2023-10-27-advisory/