Main Vulnerability Database Vulnerabilities #VU82944

UNIX symbolic link following in Salt - CVE-2023-34049

Published: November 9, 2023

Vulnerability identifier: #VU82944

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear

CVE-ID: CVE-2023-34049

CWE-ID: CWE-61

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: SaltStack

Affected software:
Salt

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in Salt-SSH pre-flight option. A local user can create a specially crafted symbolic link to an empty file on the system, wait for the salt to create the file for further execution, update the symbolic link and point it to another file that is under attacker's control and execute the file with root privileges.

How to mitigate CVE-2023-34049

Install updates from vendor's website.

Sources

https://saltproject.io/security-announcements/2023-10-27-advisory/

UNIX symbolic link following in Salt - CVE-2023-34049

Detailed vulnerability description

How to mitigate CVE-2023-34049

Sources

Please verify you're human