Fedora 43 update for salt

1) Path traversal

EUVDB-ID: #VU111851

Risk: Medium

CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-38824

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error in recv_file method. A remote user can write arbitrary files to the master cache directory.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

salt: before 3007.4-2.fc43

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:salt:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-551aed076e

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insufficient verification of data authenticity

EUVDB-ID: #VU111856

Risk: Low

CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22239

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a local user to inject arbitrary events on Salt Master. 

The vulnerability exists due to insufficient verification of data authenticity. The master's "_minion_event" method can be used by and authorized minion to send arbitrary events onto the master's event bus.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

salt: before 3007.4-2.fc43

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:salt:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-551aed076e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Authorization

EUVDB-ID: #VU111853

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22236

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a local user to impersonate other minions.

The vulnerability exists due to improper authorization. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

salt: before 3007.4-2.fc43

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:salt:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-551aed076e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU111859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22242

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the pub_ret method. A local user can attempt to read from a filename that will not return any data and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

salt: before 3007.4-2.fc43

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:salt:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-551aed076e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU111857

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22240

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to manipulate with files and directories.

The vulnerability exists due to improper input validation in find_file method of the GitFS class. A local user can create arbitrary directories or delete any file on the Master's process without necessary permissions. 

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

salt: before 3007.4-2.fc43

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:salt:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-551aed076e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU111858

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22241

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 43

salt: before 3007.4-2.fc43

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:salt:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2025-551aed076e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.