Fedora EPEL 9 update for salt3006



Risk: Medium

Patch available: YES

Number of vulnerabilities: 11

CVE-ID: CVE-2024-38824, CVE-2025-22239, CVE-2025-22241, CVE-2025-22242, CVE-2025-22240, CVE-2024-38823, CVE-2024-38825, CVE-2024-38822, CVE-2025-22238, CVE-2025-22237, CVE-2025-22236

CWE-ID: CWE-22, CWE-345, CWE-264, CWE-20, CWE-287, CWE-285

Exploitation vector: Network

Public exploit: N/A

Vulnerable software:

Fedora (Operating systems & Components / Operating system)

salt3006 (Operating systems & Components / Operating system package or component)

Vendor: Fedoraproject

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Path traversal

EUVDB-ID: #VU111851

Risk: Medium

CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-38824

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to an input validation error in the recv_file method. A remote user can write arbitrary files to the master cache directory.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insufficient verification of data authenticity

EUVDB-ID: #VU111856

Risk: Low

CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22239

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a local user to inject arbitrary events on Salt Master. 

The vulnerability exists due to insufficient verification of data authenticity. The master's "_minion_event" method can be used by an authorized minion to send arbitrary events onto the master's event bus.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU111858

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22241

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses unvalidated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU111859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22242

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the pub_ret method. A local user can attempt to read from a filename that will not return any data and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU111857

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22240

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to manipulate files and directories.

The vulnerability exists due to improper input validation in the find_file method of the GitFS class. A local user can create arbitrary directories or delete any file on the Master's process without necessary permissions.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Insufficient verification of data authenticity

EUVDB-ID: #VU111850

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38823

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote user to perform replay attacks.

The vulnerability exists due to missing authenticity checks when not using a TLS-encrypted transport. A remote user can perform replay attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Authentication

EUVDB-ID: #VU111852

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-38825

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error in the salt.auth.pki module. The "password" field contains a public certificate which is validated against a CA certificate by the module. 

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper authentication

EUVDB-ID: #VU111849

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38822

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote user to bypass the authentication process.

The vulnerability exists because multiple methods in the Salt master skip minion token validation. A remote user can impersonate another minion.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Path traversal

EUVDB-ID: #VU111855

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22238

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local user to perform a directory traversal attack.

The vulnerability exists due to an input validation error in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper Authorization

EUVDB-ID: #VU111854

Risk: Low

CVSSv4.0: 2.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear]

CVE-ID: CVE-2025-22237

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper authorization. An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git URL, which could cause an arbitrary command to be run on the master with the same privileges as the master process.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper Authorization

EUVDB-ID: #VU111853

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22236

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a local user to impersonate other minions.

The vulnerability exists due to improper authorization. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 9

salt3006: before 3006.12-1.el9

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-56a6ede4ef


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
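
All eleven entries list the same fixed build, salt3006 3006.12-1.el9. The following added example (not part of the bulletin or of Salt) flags hosts still below that build from a constructed inventory; it assumes a simplified form of RPM's version ordering (no caret handling), and the host names and installed versions are invented. A plain string comparison would wrongly rank 3006.9 above 3006.12, which is why digit runs are compared as integers.

```python
import re

FIXED = "3006.12-1.el9"  # first fixed salt3006 build named in the bulletin

def rpmvercmp(a, b):
    """Simplified RPM ordering: digit runs compare as integers, '~' sorts lowest."""
    sa = re.findall(r"\d+|[A-Za-z]+|~", a)
    sb = re.findall(r"\d+|[A-Za-z]+|~", b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if "~" in (x, y):                      # pre-release marker loses
            return -1 if x == "~" else 1
        if x.isdigit() and y.isdigit():
            if int(x) == int(y):               # e.g. "01" vs "1"
                continue
            return 1 if int(x) > int(y) else -1
        if x.isdigit() != y.isdigit():         # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    extra = (sa if a_longer else sb)[min(len(sa), len(sb))]
    if extra == "~":                           # trailing '~...' is a pre-release
        return -1 if a_longer else 1
    return 1 if a_longer else -1

def evr_cmp(a, b):
    """Compare [epoch:]version-release strings; returns -1, 0 or 1."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    (ea, va, ra), (eb, vb, rb) = split(a), split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

# Constructed inventory: "<host> <installed salt3006 version-release>"
INVENTORY = """\
master01 3006.12-1.el9
master02 3006.9-2.el9
minion17 3006.12-2.el9
minion18 3006.10-1.el9
"""

def needs_update(inventory, fixed=FIXED):
    """Hosts whose salt3006 build sorts before the fixed build."""
    return [host for host, evr in (l.split() for l in inventory.splitlines())
            if evr_cmp(evr, fixed) < 0]

if __name__ == "__main__":
    print(needs_update(INVENTORY))
```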


