CVE-2024-38824
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-13
Last updated on: 2025-07-10
Assigner: VMware
Description
Description
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| saltstack | salt | From 3006.0 (inc) to 3006.12 (exc) |
| saltstack | salt | From 3007.0 (inc) to 3007.4 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a directory traversal issue in the recv_file method that allows an attacker to write arbitrary files to the master cache directory.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can write arbitrary files to the master cache directory, potentially leading to high confidentiality and integrity impacts by modifying or injecting malicious files.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70