
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20247869",
"Version": "oval:org.altlinux.errata:def:20247869",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-7869: package `salt` update to version 3005.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-7869",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-7869",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-22231",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22231",
"Source": "CVE"
},
{
"RefID": "CVE-2024-22232",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22232",
"Source": "CVE"
}
],
"Description": "This update upgrades salt to version 3005.5-alt1. \nSecurity Fix(es):\n\n * CVE-2024-22231: Syndic cache directory creation in the Salt project is vulnerable to a directory traversal attack, which can allow a malicious attacker to create an arbitrary directory on a Salt master.\n\n * CVE-2024-22232: A specially crafted URL can be created which leads to a directory traversal in the Salt file server.\nA malicious user can read an arbitrary file from a Salt master's filesystem.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-05-17"
},
"Updated": {
"Date": "2024-05-17"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-22231",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22231",
"Impact": "None",
"Public": "20240627"
},
{
"ID": "CVE-2024-22232",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22232",
"Impact": "None",
"Public": "20240627"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20247869001",
"Comment": "python3-module-salt is earlier than 0:3005.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247869002",
"Comment": "salt-api is earlier than 0:3005.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247869003",
"Comment": "salt-master is earlier than 0:3005.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247869004",
"Comment": "salt-minion is earlier than 0:3005.5-alt1"
}
]
}
]
}
}
]
}