Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Salt | Saltstack | * | 2014.1.9 (including) |
Salt | Ubuntu | trusty | * |
Salt | Ubuntu | trusty/esm | * |
Salt | Ubuntu | upstream | * |