CVE-2018-15750

MEDIUM

SaltStack Salt < 2017.7.8 and 2018.3.x < 2018.3.3 - Directory Traversal in salt-api

Title source: llm
STIX 2.1

Description

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

References (7)

Core 7
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html
Release Notes, Vendor Advisory x_refsource_confirm
https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
Release Notes, Third Party Advisory mailing-list x_refsource_mlist
https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ
Release Notes, Third Party Advisory mailing-list x_refsource_mlist
https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4459-1/

Scores

CVSS v3 5.3
EPSS 0.0424
EPSS Percentile 89.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
pypi/salt 2017.7.0 - 2017.7.8PyPI
saltstack/salt < 2017.7.8
Published Oct 24, 2018
Tracked Since Feb 18, 2026