CNNVD-202506-1763 Information

CNNVD ID

CNNVD-202506-1763

Related CVE

CVE-2025-22238

• CNNVD Published: 2025-06-13

Description (Chinese)

Salt是Salt项目的一个自动化、基础设施管理、数据驱动编排和远程执行应用程序。 Salt存在安全漏洞，该漏洞源于minion文件缓存创建中的目录遍历攻击，可能导致在缓存目录外写入或覆盖文件。

Description (English)

Salt is an automation, infrastructure management, data-driven organization and remote implementation application for the Salt project. There is a security loophole in Salt, which stems from the fact that the directories created by the minion file cache are attacked and may lead to the writing or overwhelming of files outside the cache directory.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Salt

Published

2025-06-13

Last Modified

2026-02-24

References

https://docs.saltproject.io/en/3006/topics/releases/3006.12.html https://docs.saltproject.io/en/3007/topics/releases/3007.4.html

Patch

https://packages.broadcom.com/artifactory/saltproject-generic/