CVE-2024-38824
CRITICAL
SaltStack Salt 3006.0-3006.11 and 3007.0rc1-3007.3 - Path Traversal and Arbitrary File Write via recv_file Method
Title source: llm
Description
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
References (2)
Core References
Release Notes, Vendor Advisory
https://docs.saltproject.io/en/3006/topics/releases/3006.12.html
Release Notes, Vendor Advisory
https://docs.saltproject.io/en/3007/topics/releases/3007.4.html
Scores
CVSS v3
9.6
EPSS
0.0038
EPSS Percentile
59.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (2)
pypi/salt
3007.0rc1 - 3007.4 (PyPI)
saltstack/salt
3006.0 - 3006.12
Published
Jun 13, 2025
Tracked Since
Feb 18, 2026