A specially crafted URL can trigger a directory traversal in the Salt file server. A malicious user can use it to read an arbitrary file from a Salt master's filesystem.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| salt (PyPI) | 0 | 3005.5 | N/A |
| salt (PyPI) | 3006.0 | 3006.6 | N/A |
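
To triage an inventory of Salt masters against the ranges in the table above, the following added example (not part of the advisory or of the Salt project) evaluates each version as introduced <= version < fixed. The function names and the sample host names are hypothetical, and only plain numeric dotted release strings are compared; anything else is flagged for manual review.

```python
import re

# Affected ranges copied from the advisory table: (introduced, fixed).
AFFECTED_RANGES = [("0", "3005.5"), ("3006.0", "3006.6")]


def parse_version(text):
    """Turn a numeric dotted release such as '3006.5' or '2019.2.8' into a tuple."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        # Release candidates, git-describe strings and similar need a human.
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # so that '3006' and '3006.0' compare equal
    return tuple(parts)


def is_affected(version):
    """True when the version is inside any introduced/fixed range of the table."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def audit(masters):
    """Sort a {host: version} inventory into affected / not_affected / review."""
    report = {"affected": [], "not_affected": [], "review": []}
    for host, version in sorted(masters.items()):
        try:
            bucket = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            bucket = "review"
        report[bucket].append(host)
    return report


# Constructed inventory for illustration; not real hosts.
SAMPLE_MASTERS = {
    "master-a.example": "3005.4",
    "master-b.example": "3005.5",
    "master-c.example": "3006.0",
    "master-d.example": "3006.6",
    "master-e.example": "2019.2.8",
    "master-f.example": "3006.0rc3",
}

if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_MASTERS).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```
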
CVSS Metrics