Home > Vulnerability Database > CVE-2023-34049

Mend.io Vulnerability Database

CVE-2023-34049

Good to know:

Date: November 13, 2024

The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. The vulnerability is fixed in versions 3005.4 and 3006.4.

Language: Python

Severity Score

6.7

Related Resources (9)

Url: https://saltproject.io/security-announcements/2023-10-27-advisory/

Url: https://github.com/saltstack/salt/commit/286d55eb5a6e6bf9428405bdf5632b419bdf8444

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-34049

Url: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html

Url: https://github.com/saltstack/salt

Url: https://github.com/saltstack/salt/commit/7a14112f2a16ce70e3c3e1862c92e37af5f2c7a4

Url: https://github.com/saltstack/salt/commit/8ed7bad4f8b9439ad2fbb86a22d120fb2fa592ce

Url: https://saltproject.io/security-announcements/2023-10-27-advisory

Url: https://www.mend.io/vulnerability-database/CVE-2023-34049

Severity Score

6.7

Weakness Type (CWE)

Generation of Predictable Numbers or Identifiers

CWE-340

Top Fix

Upgrade Version

Upgrade to version salt - 3005.4;salt - 3006.4

Learn More

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-34049

Good to know:

Date: November 13, 2024

Language: Python

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?