CVE-2023-20898
Summary
| CVE | CVE-2023-20898 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-05 11:15:00 UTC |
| Updated | 2023-09-14 03:15:00 UTC |
| Description | Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Saltproject.io - Salt security advisory release - 2023-AUG-10 | MISC | saltproject.io | |
| [SECURITY] Fedora 37 Update: salt-3005.2-1.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 284507 Fedora Security Update for salt (FEDORA-2023-ac1aa963e4)
- 754980 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2023:3866-1)
- 754981 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2023:3865-1)
- 754982 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2023:3864-1)
- 754983 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2023:3863-1)
- 754984 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2023:3862-1)