CVE-2018-15750: Path Traversal
First published: Wed Oct 24 2018(Updated: )
Directory Traversal vulnerability in salt-api in SaltStack Salt 2016.11.x before 2016.11.10, 2017.7.x before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SaltStack Salt | <2017.7.8 | |
| SaltStack Salt | >=2018.3.0<2018.3.3 | |
| pip/salt | >=2016.11.0<2016.11.10 | 2016.11.10 |
| pip/salt | >=2018.3.0<2018.3.3 | 2018.3.3 |
| pip/salt | >=2017.7.0<2017.7.8 | 2017.7.8 |
| debian/salt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html
- https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
- https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
- https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ
- https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ
- https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html
- https://usn.ubuntu.com/4459-1/
- https://launchpad.net/bugs/cve/CVE-2018-15750
- https://nvd.nist.gov/vuln/detail/CVE-2018-15750
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2016.11.10.rst#L15
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2017.7.8.rst#L28
- https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2018.3.3.rst#L58
- https://github.com/advisories/GHSA-jx34-pppm-gjvr (Advisory)
- https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
- https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
- https://security-tracker.debian.org/tracker/CVE-2018-15750
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15750
- https://ubuntu.com/security/CVE-2018-15750
- https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2018-29.yaml
- https://usn.ubuntu.com/4459-1
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2018-15750.
What is the severity of CVE-2018-15750?
The severity of CVE-2018-15750 is medium with a CVSS score of 5.3.
What is the affected software?
The affected software is SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3.
How can remote attackers exploit this vulnerability?
Remote attackers can exploit this vulnerability to determine which files exist on the server through directory traversal.
Where can I find more information about CVE-2018-15750?
You can find more information about CVE-2018-15750 at the following references: [link1], [link2], [link3].
- collector/nvd-index
- agent/author
- collector/launchpad-cve
- source/Launchpad
- agent/type
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-jx34-pppm-gjvr
- alias/CVE-2018-15750
- agent/last-modified-date
- agent/references
- agent/tags
- agent/event
- collector/github-advisory
- agent/trending
- vendor/saltstack
- canonical/saltstack salt
- version/saltstack salt/2018.3.0
- package-manager/debian
- package-manager/pip