Bug 1219431 (CVE-2024-22232) - VUL-0: CVE-2024-22232: salt: A specially crafted url can be created which leads to a directory traversal in the salt file server.
Status: IN_PROGRESS
Alias: CVE-2024-22232
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/392706/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-22232:7.7:(AV:...
Reported: 2024-02-01 09:16 UTC by Gianluca Gabrielli
Modified: 2024-07-12 16:30 UTC

Description Gianluca Gabrielli 2024-02-01 09:16:47 UTC
Salt security advisory release - 2024-JAN-31

CVE-2024-22232
    Description: A specially crafted url can be created which leads to a directory traversal in the salt file server.
    Impact: An arbitrary file can be read from a Salt master’s filesystem.
    Solution: Validate file paths after url translation is performed. There has also been extra validation added to file roots file_find and serve_file methods.
    How to Mitigate: Upgrade Salt masters to 3005.5 or 3006.6
    Attribution: Yudi Zhao (Huawei Nebula Security Lab), Chenwei Jiang (Huawei Nebula Security Lab)
    Severity Rating: 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References:
https://saltproject.io/security-announcements/2024-01-31-advisory/
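
The ordering named in the advisory's Solution line (validate after URL translation), shown as an added Python example; it is not Salt's code and not taken from the upstream fix. FILE_ROOT, the function names and the sample paths are constructed, and percent-decoding stands in for "url translation" as an assumption, since the page does not describe the crafted URL itself.

```python
import posixpath
from urllib.parse import unquote

FILE_ROOT = "/srv/salt"  # assumed file root, not taken from the page

# Constructed request path: harmless as raw text, escapes once decoded.
SAMPLE = "states/%2e%2e/%2e%2e/%2e%2e/outside.txt"


def translate(url_path):
    """Stand-in for URL translation (assumption: percent-decoding only)."""
    return unquote(url_path)


def is_within(root, relative):
    """True if root/relative, after lexical normalisation, stays under root."""
    root = posixpath.normpath(root)
    full = posixpath.normpath(posixpath.join(root, relative))
    # commonpath compares whole components, so /srv/salt2 is not inside /srv/salt.
    return posixpath.commonpath([root, full]) == root


def resolve_check_first(url_path):
    """Weak ordering: the check sees raw text, the lookup sees decoded text."""
    if not is_within(FILE_ROOT, url_path):
        return None
    return posixpath.normpath(posixpath.join(FILE_ROOT, translate(url_path)))


def resolve_translate_first(url_path):
    """Corrected ordering: decode first, then validate the path to be opened."""
    relative = translate(url_path)
    if not is_within(FILE_ROOT, relative):
        return None
    return posixpath.normpath(posixpath.join(FILE_ROOT, relative))


if __name__ == "__main__":
    for path in ("states/web/init.sls", SAMPLE, "../salt2/top.sls"):
        print(path, resolve_check_first(path), resolve_translate_first(path))
```

The containment check here is purely lexical; a server reading from a real filesystem would also resolve symlinks (for example with os.path.realpath) before comparing against the root.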
Comment 1 Gianluca Gabrielli 2024-02-01 09:50:54 UTC
Affected packages:
 - SUSE:ALP:Source:Standard:1.0/salt
 - SUSE:SLE-15-SP1:Update/salt
 - SUSE:SLE-15-SP2:Update/salt
 - SUSE:SLE-15-SP3:Update/salt
 - SUSE:SLE-15-SP4:Update/salt
 - SUSE:SLE-15-SP5:Update/salt
 - openSUSE:Factory/salt

Upstream fix: https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab
Comment 3 OBSbugzilla Bot 2024-02-01 19:35:03 UTC
This is an autogenerated message for OBS integration:
This bug (1219431) was mentioned in
https://build.opensuse.org/request/show/1143454 Factory / salt
Comment 4 Pablo Suárez Hernández 2024-02-05 09:46:00 UTC
All submissions to the affected codestreams have been created.

I'm setting the assignee back to Security team. Thanks.
Comment 5 Maintenance Automation 2024-02-15 16:31:02 UTC
SUSE-SU-2024:0510-1: An update that solves two vulnerabilities, contains one feature and has four security fixes can now be installed.

Category: security (important)
Bug References: 1193948, 1211649, 1215963, 1216284, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-719
Sources used:
openSUSE Leap 15.5 (src): salt-3006.0-150500.4.29.1
SUSE Linux Enterprise Micro 5.5 (src): salt-3006.0-150500.4.29.1
Basesystem Module 15-SP5 (src): salt-3006.0-150500.4.29.1
Server Applications Module 15-SP5 (src): salt-3006.0-150500.4.29.1
Transactional Server Module 15-SP5 (src): salt-3006.0-150500.4.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Maintenance Automation 2024-02-15 16:31:07 UTC
SUSE-SU-2024:0509-1: An update that solves two vulnerabilities, contains one feature and has four security fixes can now be installed.

Category: security (important)
Bug References: 1193948, 1211649, 1215963, 1216284, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-719
Sources used:
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): salt-3006.0-150400.8.54.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): salt-3006.0-150400.8.54.1
SUSE Manager Proxy 4.3 (src): salt-3006.0-150400.8.54.1
SUSE Manager Retail Branch Server 4.3 (src): salt-3006.0-150400.8.54.1
SUSE Manager Server 4.3 (src): salt-3006.0-150400.8.54.1
openSUSE Leap 15.4 (src): salt-3006.0-150400.8.54.1
openSUSE Leap Micro 5.3 (src): salt-3006.0-150400.8.54.1
openSUSE Leap Micro 5.4 (src): salt-3006.0-150400.8.54.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): salt-3006.0-150400.8.54.1
SUSE Linux Enterprise Micro 5.3 (src): salt-3006.0-150400.8.54.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): salt-3006.0-150400.8.54.1
SUSE Linux Enterprise Micro 5.4 (src): salt-3006.0-150400.8.54.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): salt-3006.0-150400.8.54.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): salt-3006.0-150400.8.54.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): salt-3006.0-150400.8.54.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Maintenance Automation 2024-02-15 16:31:12 UTC
SUSE-SU-2024:0508-1: An update that solves two vulnerabilities, contains one feature and has four security fixes can now be installed.

Category: security (important)
Bug References: 1193948, 1211649, 1215963, 1216284, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-719
Sources used:
openSUSE Leap 15.3 (src): salt-3006.0-150300.53.70.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): salt-3006.0-150300.53.70.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): salt-3006.0-150300.53.70.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): salt-3006.0-150300.53.70.1
SUSE Enterprise Storage 7.1 (src): salt-3006.0-150300.53.70.1
SUSE Linux Enterprise Micro 5.1 (src): salt-3006.0-150300.53.70.1
SUSE Linux Enterprise Micro 5.2 (src): salt-3006.0-150300.53.70.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): salt-3006.0-150300.53.70.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Maintenance Automation 2024-02-15 16:31:17 UTC
SUSE-SU-2024:0507-1: An update that solves two vulnerabilities, contains one feature and has four security fixes can now be installed.

Category: security (important)
Bug References: 1193948, 1211649, 1215963, 1216284, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-719
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): salt-3006.0-150200.118.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): salt-3006.0-150200.118.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): salt-3006.0-150200.118.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Maintenance Automation 2024-02-15 16:31:20 UTC
SUSE-SU-2024:0506-1: An update that solves two vulnerabilities, contains one feature and has four security fixes can now be installed.

Category: security (important)
Bug References: 1193948, 1211649, 1215963, 1216284, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-719
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): salt-3006.0-150100.117.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): salt-3006.0-150100.117.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Maintenance Automation 2024-05-06 12:30:39 UTC
SUSE-SU-2024:1525-1: An update that solves two vulnerabilities, contains one feature and has five security fixes can now be installed.

Category: security (important)
Bug References: 1211649, 1211888, 1216850, 1218482, 1219001, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-760
Maintenance Incident: [SUSE:Maintenance:33468](https://smelt.suse.de/incident/33468/)
Sources used:
SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (src):
 venv-salt-minion-3006.0-1.36.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Maintenance Automation 2024-05-06 12:30:42 UTC
SUSE-SU-2024:1522-1: An update that solves two vulnerabilities, contains one feature and has five security fixes can now be installed.

Category: security (moderate)
Bug References: 1211649, 1211888, 1216850, 1218482, 1219001, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-760
Maintenance Incident: [SUSE:Maintenance:33453](https://smelt.suse.de/incident/33453/)
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Maintenance Automation 2024-05-06 12:30:45 UTC
SUSE-SU-2024:1521-1: An update that solves two vulnerabilities, contains one feature and has five security fixes can now be installed.

Category: security (moderate)
Bug References: 1211649, 1211888, 1216850, 1218482, 1219001, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-760
Maintenance Incident: [SUSE:Maintenance:33452](https://smelt.suse.de/incident/33452/)
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Maintenance Automation 2024-05-06 12:30:48 UTC
SUSE-SU-202404:15258-1: An update that solves two vulnerabilities, contains one feature and has five security fixes can now be installed.

Category: security (moderate)
Bug References: 1211649, 1211888, 1216850, 1218482, 1219001, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-760
Maintenance Incident: [SUSE:Maintenance:33450](https://smelt.suse.de/incident/33450/)
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Maintenance Automation 2024-05-06 12:30:50 UTC
SUSE-SU-202404:15257-1: An update that solves two vulnerabilities, contains one feature and has five security fixes can now be installed.

Category: security (moderate)
Bug References: 1211649, 1211888, 1216850, 1218482, 1219001, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-760
Maintenance Incident: [SUSE:Maintenance:33447](https://smelt.suse.de/incident/33447/)
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Maintenance Automation 2024-05-06 12:30:54 UTC
SUSE-SU-2024:1518-1: An update that solves two vulnerabilities, contains one feature and has five security fixes can now be installed.

Category: security (important)
Bug References: 1211649, 1211888, 1216850, 1218482, 1219001, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-760
Maintenance Incident: [SUSE:Maintenance:33451](https://smelt.suse.de/incident/33451/)
Sources used:
SUSE Manager Client Tools for SLE 15 (src):
 venv-salt-minion-3006.0-150000.3.54.3
SUSE Manager Client Tools for SLE Micro 5 (src):
 venv-salt-minion-3006.0-150000.3.54.3
SUSE Manager Proxy 4.3 Module 4.3 (src):
 venv-salt-minion-3006.0-150000.3.54.3
SUSE Manager Server 4.3 Module 4.3 (src):
 venv-salt-minion-3006.0-150000.3.54.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Maintenance Automation 2024-05-06 12:30:56 UTC
SUSE-SU-2024:1517-1: An update that solves two vulnerabilities, contains one feature and has five security fixes can now be installed.

Category: security (important)
Bug References: 1211649, 1211888, 1216850, 1218482, 1219001, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: MSQA-760
Maintenance Incident: [SUSE:Maintenance:33448](https://smelt.suse.de/incident/33448/)
Sources used:
SUSE Manager Client Tools for SLE 12 (src):
 venv-salt-minion-3006.0-3.52.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Maintenance Automation 2024-05-06 12:31:03 UTC
SUSE-SU-202404:15254-1: An update that solves two vulnerabilities, contains two features and has five security fixes can now be installed.

Category: security (moderate)
Bug References: 1211649, 1211888, 1216850, 1218482, 1219001, 1219430, 1219431
CVE References: CVE-2024-22231, CVE-2024-22232
Jira References: ECO-3319, MSQA-760
Maintenance Incident: [SUSE:Maintenance:33405](https://smelt.suse.de/incident/33405/)
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.