SaltStack Salt multiple insecure temporary file creation vulnerabilities (CVE-2014-3563)
Release date:
Updated on:
Affected Systems:
SaltStack salt <2014.1.10
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69319
CVE (CAN) ID: CVE-2014-3563
Salt is a basic platform management tool.
Salt (SaltStack) versions earlier than January 10, have multiple security vulnerabilities. this vulnerability can be exploited to create temporary files in py, salt-ssh, and salt-cloud.
<* Source: vendor
Link: http://xforce.iss.net/xforce/xfdb/95392
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
SaltStack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
This article permanently updates the link address: